Community Support Forum
https://forums.openvpn.net/
Some forums claim that it is necessary - but it is not.Nucleardragon wrote:
Do I understand correctly that the private client key file must be in the RSA (----- BEGIN RSA PRIVATE KEY -----)?
That is, need to do convert to the RSA format
Example:Code: Select all
openssl rsa-in client.key-out client_rsa.key
Is it possible to Get a better explaination how to do this ?jamesyonan wrote:Right, make sure to include a ca directive in your profile, even if you are using a PKCS#12 cert/key pair from the Keychain. On iOS in particular, OpenVPN is NOT able to access the CA list included in PKCS#12 files that were imported into the iOS Keychain.
If the ca directive is not included, you will see errors such as this:
or
- PolarSSL: error parsing ca certificate : X509 - The certificate format is invalid, e.g. different type expected
You can extract the CA list from the PKCS12 file using this openssl command:
- PolarSSL: ca certificate is undefined
Then add a reference to ca.crt in your profileCode: Select all
openssl pkcs12 -in client.p12 -cacerts -nokeys -out ca.crtor expand the certs inline such asCode: Select all
ca ca.crtCode: Select all
<ca> [paste contents of ca.crt here] </ca>
Hi RomanScorpionSX wrote:Hi guys, first of all, let me thank you for the official OpenVPN client for iOS - feature, which was really missed! Good job!
Now to my question/problem. I have an IPCop firewall running an OpenVPN server, which works well for all the Windows clients, the firewall provides GUI to setup the server and also sort of "all-in-one" ZIP package to copy to clients - it's basically a .ovpn file with .p12 file for authentication.
Also there are certificates created during the setup of the OpenVPN server.
Now, when I extract this ZIP package to Windows OpenVPN GUI client, I can connect in one click, all I need is to input password and that's it. But, when I'm trying to use the same files on my iOS devices (iP4S and iPad 3rd gen, both iOS 6.0.1), I get an error regarding format of certificate used, for example:Basically all I do, is import the .p12 file into my iOS Keychain, install it there (it says it's a "certificate") and then select it in the OpenVPN Connect app.Code: Select all
2013-01-22 20:05:10 ----- OpenVPN Start ----- 2013-01-22 20:05:10 EVENT: CORE_ERROR PolarSSL: error parsing ca certificate : X509 - The certificate format is invalid, e.g. different type expected [ERR] 2013-01-22 20:05:10 Raw stats on disconnect: 2013-01-22 20:05:10 Performance stats on disconnect: CPU usage (microseconds): 11989 Network bytes per CPU second: 0 Tunnel bytes per CPU second: 0 2013-01-22 20:05:10 ----- OpenVPN Stop ----- 2013-01-22 20:05:10 EVENT: DISCONNECT_PENDING
So what am I doing wrong? Please keep in mind that I'm new at this, and this is literally the first time I'm setting something like this up myself (PC or mobile device).
Thanks in advance for reply.
Kind regards,
Roman.