IOS 12.1.1 Connection Error X509
-
- OpenVpn Newbie
- Posts: 3
- Joined: Wed Jan 23, 2019 5:18 pm
IOS 12.1.1 Connection Error X509
Hi,
I'm a VPN noob, so please be patient with me. After Googling for 1 hour without any solution, I'm here to ask for help, please ....
I use OpenVPN from my Win PC to my company. Works great. Then I copied the config files to iOS 12.1.1 (iPad 11).
I have three VPN profiles (two to a Linux machine), one to a Win server.
The Linux connection works fine, but the Win connection makes trouble.
From my Win PC it's OK, but for iOS not, so I copied the certificates inline in the config file.
My .ovpn file:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
ncp-ciphers AES-256-CBC:AES-256-GCM
auth SHA512
tls-client
client
resolv-retry infinite
remote xx.xx.xx.xx 1194 udp
verify-x509-name "pfsense-cert" name
auth-user-pass
pkcs12 pfSense-UDP4-1194-IPAD.ovpn12
tls-auth pfSense-UDP4-1194-tls.key 1
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
MIIDLzCCAhegAwIBAgIJALZArQiODpsHMA0GCSqGSIb3DQEBDQUAMBQxEjAQBgNV
...
xlDwBa08vlwB+V/gswYSrXQth/d0wdt5ol/TdBbf2x4PHs5cibIZekoAcCNvUPO/
0xRu
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIDRDCCAiygAwIBAgIQamJKMCyFw5n0Qs4TIJN36jANBgkqhkiG9w0BAQ0FADAU
...
ToeLccfZ5Ob7q9UekXi/xZYwGV5KY+BUrGguzyXcug2LTmsnz4rLqfOtabicDWTK
N5QetB7u5Lepes4ZQf8D0FzAgL/wmXWk
-----END CERTIFICATE-----
</cert>
The Error is: mbed TLS: SSL read error : X509 Certificate verification failed...
What can I do ?
Thanks!
Marco
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: IOS 12.1.1 Connection Error X509
The first thing you can do is contact the Network Administrator at your company for assistance.
-
- OpenVpn Newbie
- Posts: 3
- Joined: Wed Jan 23, 2019 5:18 pm
Re: IOS 12.1.1 Connection Error X509
He is gone and now I'm the new one.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVpn Newbie
- Posts: 3
- Joined: Wed Jan 23, 2019 5:18 pm
Re: IOS 12.1.1 Connection Error X509
>>After Googling 1 hour without any solution I'm here to ask for help please ....
Upd: And also reading the docs.
Is this the sense of a forum? RTFM? This is mostly right for all questions, or?
So please, anybody else any idea, except TinCanTech?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: IOS 12.1.1 Connection Error X509
You did not read this carefully:
viewtopic.php?f=30&t=22603
Without the details requested any help we offer would be a guess at best.
That is why we wrote them. Start with the HOWTO.
All I can say is that mbedTLS finds a certificate verification has failed ..
-
- OpenVpn Newbie
- Posts: 6
- Joined: Fri Jul 28, 2017 8:51 pm
Re: IOS 12.1.1 Connection Error X509
I had the same problem, and I was able to solve it. iOS can't understand the key of the client's certificate. You'll need to decrypt it with the OpenSSL tool.
Download and install both:
http://downloads.sourceforge.net/gnuwin ... -setup.exe
http://downloads.sourceforge.net/gnuwin ... -setup.exe
Get your .key file and put it in c:\cert\
Open CMD and run the command:
openssl rsa -in C:/cert/file.key -out C:/cert/file-DEC.key
Open the DEC file with Notepad and copy all of the content.
Paste it into the .ovpn file between the <key> </key> tags.
Hope this helps you.
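Added example, not part of any post in this thread and not OpenVPN project code: a small Python check for the things this thread turns on when a desktop profile is moved to iOS, namely options that still point at files on disk, a client certificate with no matching key, and an inline key that is still passphrase-protected (the state the `openssl rsa` step above removes). The option list, the finding names and the sample profile are assumptions made for illustration.

```python
import re

# Options that name a file on disk. A profile copied to another device only
# works if those files travel with it or are replaced by inline <tag> blocks.
FILE_OPTS = {"ca", "cert", "key", "pkcs12", "tls-auth", "tls-crypt"}
INLINE = re.compile(r"^<([\w-]+)>\s*$(.*?)^</\1>\s*$", re.S | re.M)

def lint_profile(text):
    """Return a list of finding strings for one .ovpn profile."""
    inline = {m.group(1): m.group(2) for m in INLINE.finditer(text)}
    external = {}
    for line in INLINE.sub("", text).splitlines():   # options outside blocks
        parts = line.split("#", 1)[0].split()
        if len(parts) > 1 and parts[0] in FILE_OPTS:
            external[parts[0]] = parts[1]
    out = [f"external-file: {k} -> {v}" for k, v in sorted(external.items())]
    has_cert = "cert" in inline or "cert" in external
    has_key = "key" in inline or "key" in external
    if "pkcs12" in external and has_cert:
        out.append("mixed-identity: pkcs12 bundle and separate cert both present")
    elif has_cert and not has_key:
        out.append("no-key: client cert without a private key")
    key = inline.get("key", "")
    if "BEGIN ENCRYPTED PRIVATE KEY" in key or "Proc-Type: 4,ENCRYPTED" in key:
        out.append("encrypted-key: inline key is passphrase-protected")
    return out

# Constructed sample shaped like the first profile in this thread; the PEM
# bodies are placeholders, not real certificate data.
SAMPLE = """\
client
remote xx.xx.xx.xx 1194 udp
pkcs12 pfSense-UDP4-1194-IPAD.ovpn12
tls-auth pfSense-UDP4-1194-tls.key 1
<ca>
-----BEGIN CERTIFICATE-----
PLACEHOLDER
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
PLACEHOLDER
-----END CERTIFICATE-----
</cert>
"""

if __name__ == "__main__":
    for finding in lint_profile(SAMPLE):
        print(finding)
```

A key written out by `openssl rsa` with no cipher option is stored unencrypted, so a profile that embeds it should be handled as a secret.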
-
- OpenVpn Newbie
- Posts: 3
- Joined: Mon Jul 15, 2019 1:51 am
Re: IOS 12.1.1 Connection Error X509
roger.hermes wrote: ↑Mon Feb 11, 2019 1:52 pm
> I had the same problem, and I was able to solve it. iOS can't understand the key of the client's certificate. You'll need to decrypt it with the OpenSSL tool.
> Download and install both:
> http://downloads.sourceforge.net/gnuwin ... -setup.exe
> http://downloads.sourceforge.net/gnuwin ... -setup.exe
> Get your .key file and put it in c:\cert\
> Open CMD and run the command:
> openssl rsa -in C:/cert/file.key -out C:/cert/file-DEC.key
> Open the DEC file with Notepad and copy all of the content.
> Paste it into the .ovpn file between the <key> </key> tags.
> Hope this helps you.

I tried but it didn't work as well.
-
- OpenVpn Newbie
- Posts: 6
- Joined: Fri Jul 28, 2017 8:51 pm
Re: IOS 12.1.1 Connection Error X509
Did you have the same issue? I guess you have some problem with the .ovpn file.
This is my ovpn file working with iOS 12.3.1 on iPhone 6S:
client
dev tun
proto tcp-client
remote ddns1.myhost.com.br
port 4750
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
auth-user-pass
key-direction 1
verb 4
mute 10
cipher AES-256-CBC
auth SHA1
auth-nocache
reneg-sec 0
resolv-retry infinite
connect-timeout 86400
# CA certificate - CA.crt
<ca>
-----BEGIN CERTIFICATE-----
MIID1zCCAr+gAwIBAgIIfs1vJao/GVUwDQYJKoZIhvcNAQELBQAwXzELMAkGA1UE
....
-----END CERTIFICATE-----
</ca>
# Client certificate signed by the CA - Client1.crt
<cert>
-----BEGIN CERTIFICATE-----
MIIDwjCCAqqgAwIBAgIIe6QXgKaYwQ4wDQYJKoZIhvcNAQELBQAwXzELMAkGA1UE
...
-----END CERTIFICATE-----
</cert>
# Key for certificate Client1.crt (signed by CA.crt), decrypted with OPENSSL RSA - CLIENT1-DEC.key
<key>
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAy8bg+NJWJ1kI4Rgl0kd/VdOKU4AVtla/09T5d1daepp/HF2u
...
-----END RSA PRIVATE KEY-----
</key>
for any questions 14905rlh(@)gmail.com