Inline Certificates

Scripts to manage certificates or generate config files

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
Fauch
OpenVpn Newbie
Posts: 2
Joined: Sun May 27, 2018 3:41 pm

Inline Certificates

Post by Fauch » Sun May 27, 2018 3:46 pm

Hi,

maybe I'm stupid, but I cannot get inline certificates to work.

Here's my config:

Code: Select all

client
dev tun
proto udp4

#Server IP and Port
remote dummy.net 1194

resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
key dummy.key
ca dummy.ca
cert dummy.crt
comp-lzo
remote-cert-tls server
#remote-cert-ku f8
mssfix 1420
This config works just fine, but when I replace this line

Code: Select all

ca dummy.ca
with

Code: Select all

ca [INLINE]
and then paste my cert file inbetween <ca> and </ca> tags, I get

Sun May 27 17:45:13 2018 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

Similar things happen if I replace cert or ca with the inline variants.

I feel stupid for being stuck on something so trivial. My OpenVPN client is version 2.46.

Best regards and thanks in advance.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Inline Certificates

Post by TinCanTech » Sun May 27, 2018 4:03 pm

Fauch wrote:
Sun May 27, 2018 3:46 pm
when I replace this line

Code: Select all

ca dummy.ca
with

Code: Select all

ca [INLINE]
and then paste my cert file inbetween <ca> and </ca> tags, I get

Sun May 27 17:45:13 2018 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
You do not replace --ca /path/to/ca.crt with --ca [INLINE]

You get rid of the line --ca /path/to/ca.crt and replace it with:

Code: Select all

<ca>
paste your ca.crt here
</ca>
Fauch wrote:
Sun May 27, 2018 3:46 pm
Sun May 27 17:45:13 2018 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

Similar things happen if I replace cert or ca with the inline variants.
I use inline all the time and have no problems with it .. you probably just pasted the wrong file.

Fauch
OpenVpn Newbie
Posts: 2
Joined: Sun May 27, 2018 3:41 pm

Re: Inline Certificates

Post by Fauch » Sun May 27, 2018 4:11 pm

Nope, I did not. I triple checked that.

TiTex
OpenVPN Super User
Posts: 310
Joined: Tue Apr 12, 2011 6:22 am

Re: Inline Certificates

Post by TiTex » Sun May 27, 2018 6:27 pm

just post your config containing the the CA too , as far as i know that information is not secret , but if you want you can also generate some test ca/client/server certs

by the way you need to paste the base64 encoded cert including the -----BEGIN CERTIFICATE----- , -----END CERTIFICATE----- tags

Post Reply