Hi guys,
I used a .ovpn file in a new iphone with IOS 12.3.1 and OpenVpn 3.0.2(894), but it could not connect to the server. This .ovpn file was used in another iphone with IOS 9.x.x and OpenVPN 1.0.5 build 177, it worked very well.
Error shown below:
"There was an error attempting to connect to the seleceted server.
Error message: mbed TLS: SSL read error: X509 - Certificate verification failed, e.g. CRL, CA or signature check failed"
Log shown below:
"……
2019-07-12 10:01:30 VERIFY FAIL -- The certificate is signed with an unacceptable hash. : depth=0
cert. version : 3
serial number : 01
issuer name :
subject name :
issued on : 2017-09-02 09:59:04
expires on : 2027-08-31 09:59:04
signed using : RSA with MD5
RSA key size : 1024 bits
basic constraints : CA=false
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
"
Thanks for your help!
Connection Error X509 "Certificate Verification Failed"
-
- OpenVpn Newbie
- Posts: 3
- Joined: Mon Jul 15, 2019 1:51 am
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Connection Error X509 "Certificate Verification Failed"
Looks like you need a new certificate.bobdog wrote: ↑Mon Jul 15, 2019 6:58 am"There was an error attempting to connect to the seleceted server.
Error message: mbed TLS: SSL read error: X509 - Certificate verification failed, e.g. CRL, CA or signature check failed"
Log shown below:
"……
2019-07-12 10:01:30 VERIFY FAIL -- The certificate is signed with an unacceptable hash. : depth=0
-
- OpenVpn Newbie
- Posts: 3
- Joined: Mon Jul 15, 2019 1:51 am
Re: Connection Error X509 "Certificate Verification Failed"
The .ovpn file does not work under the latest IOS and openVPN version. I wonder why it could be used in IOS 9.x.x and OpenVPN 1.0.5 build 177?TinCanTech wrote: ↑Mon Jul 15, 2019 11:37 amLooks like you need a new certificate.bobdog wrote: ↑Mon Jul 15, 2019 6:58 am"There was an error attempting to connect to the seleceted server.
Error message: mbed TLS: SSL read error: X509 - Certificate verification failed, e.g. CRL, CA or signature check failed"
Log shown below:
"……
2019-07-12 10:01:30 VERIFY FAIL -- The certificate is signed with an unacceptable hash. : depth=0
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Connection Error X509 "Certificate Verification Failed"
I expect your certificate is signed with either MD5 or SHA1 hash both of which have been considered to be insecure for quite some time. Now that you have upgraded your IOS client the new client will not use certificates signed with these old hash algorithms.