OVPN Oreo does not accept certificate

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
emdef
OpenVpn Newbie
Posts: 9
Joined: Wed Mar 14, 2018 9:00 pm

OVPN Oreo does not accept certificate

Post by emdef » Wed Mar 14, 2018 9:10 pm

I'm using OVPN successfully for years to connect to my QNAP NAS, using Android and Win clients. Now I got a new smart phone (Oreo 8.0.0) installed OpenVpn via Play-Store (v 3.0.3) and put my *.ovpn files on the phone - the App successfully import the ovpn files, but when I'm trying to connect it always complains that there is not valid certificate.

I first tried the ovpn files which work for my laptop (Win7), then tried unified ovpn files (with the embedded <ca> certificate), then tried a separate ca.crt file. I tried to convert the files into dos or unix file format (CR/LF issue) - but in all cases I got the missing certificate error. The ca.crt is in the same folder as the ovpn-file.

I also tried to import the ca.crt certifacte into android (using the "install from SD card" feature) which works - but still OVPN complains about missing certificate. The android system shows my certificate under "Benutzeranmeldeinformation" (sorry, its a german system, guess this means something like "user login info") - is it maybe necessary to have a specific name for the certificate ?

I've seens that other people seem to have issues after upgrade to Oreo - my phone runs Oreo 8.0.0, too.

I appreciate any help, thanks

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OVPN Oreo does not accept certificate

Post by TinCanTech » Wed Mar 14, 2018 9:26 pm

Is the warning something to do with MD5 ?

Just in case .. https duckduckgo

emdef
OpenVpn Newbie
Posts: 9
Joined: Wed Mar 14, 2018 9:00 pm

Re: OVPN Oreo does not accept certificate

Post by emdef » Wed Mar 14, 2018 9:49 pm

..I guess no, there is no message about MD5 - BTW, I dont know what to do with your duckduckgo-Link

The message on the screen says: "Select Certificate - this profile doesn't include a client certificate. Continue connecting without a certificate or select one from the Android keychain: continue / select certificate"

But like I said, I tried both unified ovpn files and also separate ca.crt files - both wont do

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OVPN Oreo does not accept certificate

Post by TinCanTech » Wed Mar 14, 2018 10:06 pm

Can you post your log file ?

emdef
OpenVpn Newbie
Posts: 9
Joined: Wed Mar 14, 2018 9:00 pm

Re: OVPN Oreo does not accept certificate

Post by emdef » Wed Mar 14, 2018 10:23 pm

There is no log file

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OVPN Oreo does not accept certificate

Post by TinCanTech » Wed Mar 14, 2018 11:15 pm

That is hard to believe .. :roll:

See --log & --verb in The Manual v24x

emdef
OpenVpn Newbie
Posts: 9
Joined: Wed Mar 14, 2018 9:00 pm

Re: OVPN Oreo does not accept certificate

Post by emdef » Thu Mar 15, 2018 7:46 am

..eh, how can I supply command line options to an Android App ? I tapped on the "log" icon and this one says, there is no log.
I also checked the sdcard/android/data/net.openvpn.openvpn folder, but there are only empty 'cache' and 'files' folders

BohdanHamulets
OpenVpn Newbie
Posts: 5
Joined: Thu Mar 15, 2018 12:04 pm

Re: OVPN Oreo does not accept certificate

Post by BohdanHamulets » Thu Mar 15, 2018 12:41 pm

emdef wrote:
Wed Mar 14, 2018 10:23 pm
There is no log file
Hi emdef,

Please take a look on the option to view and share log.
https://ibb.co/kJP2aH
https://ibb.co/eughaH
You can also share the .ovpn file, just remove any secure/sensetive infromation from it.

emdef
OpenVpn Newbie
Posts: 9
Joined: Wed Mar 14, 2018 9:00 pm

Re: OVPN Oreo does not accept certificate

Post by emdef » Thu Mar 15, 2018 3:57 pm

Well now: when I write "there is no log file"- then, there is no log file. Really, believe me. I tapped on the log button just as you explained and then I have an blank screen with the text "you have no logs yet".

The sequence of what I did is this: I imported my existing ovpn profile, enter my username (no password) and saved it. Then I try to connect. A popup asks for my password and then another popup said (as I explain above) "Select certificate, there is no valid certificate...." - and at this point I aborted the process.

I don't remember, maybe I didn't try this before, but right now, with the popup as described above, I tapped on "continue" and ... surprise ... OpenVPN connects successfully. I just tried again, and now it connects without any message about certificates. Also my QNAP tells me I'm connected - but now it looks like the routing fails, which might be a different problem.

It seems as if the certificate-popup is only a warning, but I took it for a severe error - maybe thats something to improve...

emdef
OpenVpn Newbie
Posts: 9
Joined: Wed Mar 14, 2018 9:00 pm

Re: OVPN Oreo does not accept certificate

Post by emdef » Thu Mar 15, 2018 4:11 pm

I think my certificate issue is fixed - but with VPN connected (no Wifi, just mobile data) I can neither talk to devices in my VPN network, nor reach the internet anymore. There are more people reporting similar behaviour which seems to be ralated to OREO update...

BohdanHamulets
OpenVpn Newbie
Posts: 5
Joined: Thu Mar 15, 2018 12:04 pm

Re: OVPN Oreo does not accept certificate

Post by BohdanHamulets » Thu Mar 15, 2018 4:15 pm

emdef wrote:
Thu Mar 15, 2018 4:11 pm
I think my certificate issue is fixed - but with VPN connected (no Wifi, just mobile data) I can neither talk to devices in my VPN network, nor reach the internet anymore. There are more people reporting similar behaviour which seems to be ralated to OREO update...
Could you please tell what action resolved your issue with the certificate?

Also, could you please share the logs? They should be present by now. Does it work well when you're connected to wifi?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OVPN Oreo does not accept certificate

Post by TinCanTech » Thu Mar 15, 2018 4:25 pm

1.
BohdanHamulets wrote:
Thu Mar 15, 2018 4:15 pm
Could you please tell what action resolved your issue with the certificate?
This is important to understand.
emdef wrote:
Thu Mar 15, 2018 3:57 pm
Then I try to connect. A popup asks for my password and then another popup said (as I explain above) "Select certificate, there is no valid certificate...." - and at this point I aborted the process.

I don't remember, maybe I didn't try this before, but right now, with the popup as described above, I tapped on "continue" and ... surprise ... OpenVPN connects successfully. I just tried again, and now it connects without any message about certificates
The real problem is "Why did Openvpn not find a valid certificate" ?

2.
emdef wrote:
Thu Mar 15, 2018 4:11 pm
with VPN connected (no Wifi, just mobile data) I can neither talk to devices in my VPN network, nor reach the internet anymore.
That is a completely different issue to your earlier certificate problem.

Please see:
HOWTO: Routing all client traffic (including web-traffic) through the VPN
HOWTO: Request Help ! {2}

emdef
OpenVpn Newbie
Posts: 9
Joined: Wed Mar 14, 2018 9:00 pm

Re: OVPN Oreo does not accept certificate

Post by emdef » Thu Mar 15, 2018 8:06 pm

After entering my password in the password popup dialog, this other dialog popped up which said "Select certificate, there is no valid ...." and this popup gave me the choice between "continue" and "select certificate". Because I took this for a severe error message I always tried "select certificate" which brought me to the file system and let me choose my "ca.crt" file (pretty useless, since I used a ovpn file with certificate inside, but I also supplied a separate ca.crt file, just in case...), but the process never finished successfully.

Today I tried the "continue" button in this dialog and to my surprise OVPN connected to my QNAP. After this first and successful connect, it never prompted again for any certificate. According to my QNAP logs, the connection is established.

Since it works now and OVPN never asked again for a certificate, I assume the OpenVPN-connect app was able to read the certificate very well, but some other issue caused this popup dialog. Since I'm a software developer, too, maybe there is an issue accessing Android's certificate system (perhaps something with Oreo), this threw an internal exception and so the popup came up - despite the fact that my imported profile provided a valid certificate.

I'm currently not able to test this via Wifi, because the only Wifi I can use is my own one - I might be able to check this in the next days

And yes, of course, the fact the the VPN connects, but does not work is another issue

sa3ad
OpenVpn Newbie
Posts: 1
Joined: Wed Jul 04, 2018 2:31 am

Re: OVPN Oreo does not accept certificate

Post by sa3ad » Wed Jul 04, 2018 2:38 am

hi , i have the same issue :
click on " connect shortcut " , normally it connects and minimize , but for a while now , it asks for certificate or continue and never minimize.
it does connect when i tap continue but it is annoying a bit.

openvpn 3.0.5
oneplus 6
oxygen 5.1.8
i had this issue before on oneplus 5t

Image

nedko
OpenVpn Newbie
Posts: 1
Joined: Fri Jul 06, 2018 3:33 pm

Re: OVPN Oreo does not accept certificate

Post by nedko » Fri Jul 06, 2018 3:42 pm

I've got the exact same problem and it's not a bit annoying. it is actually more than annoying because suddenly the device needs my attention and it no vpn is there without my divine touch on button Continue.
It smells like bug because I actually point him out to the certificate then a hint appears briefly stating that certificate is installed and then Ovpn Client tells me again that no certificate is there and needs to be installed (the screen as on the posting of sa3ad above)
Now I'm using the current Ovpn client from the Google store and Android 8.1.
With the previous version of the client and with my old phone on Android 5.1 I had no such problem - and i'm using the same .ovpn file as before

UPDATE:

just found on another thread here that it is possible to turn off the check for certificate with this line in the .ovpn file:

Code: Select all

setenv CLIENT_CERT 0
Tried it. It works. No more nagging screens. It is again unattended.

Youniverse
OpenVpn Newbie
Posts: 1
Joined: Tue Jul 24, 2018 12:49 pm

Re: OVPN Oreo does not accept certificate

Post by Youniverse » Tue Jul 24, 2018 12:52 pm

nedko wrote:
Fri Jul 06, 2018 3:42 pm

Code: Select all

setenv CLIENT_CERT 0
Tried it. It works. No more nagging screens. It is again unattended.
Thank you! Indeed, it works

Post Reply