Official client software for OpenVPN Access Server and OpenVPN Cloud.
-
alfa147x
- OpenVpn Newbie
- Posts: 4
- Joined: Thu May 30, 2013 1:52 pm
Post
by alfa147x » Thu May 30, 2013 2:00 pm
Could someone look over this config file and verify that my config file is correct?
Thanks!
Where you see * is where I've removed content.
Code: Select all
client
dev tun
proto tcp
remote * 443
resolv-retry infinite
nobind
persist-key
persist-tun
cipher BF-CBC
keysize 512
comp-lzo
verb 4
mute 5
tun-mtu 1500
mssfix 1450
auth-user-pass
reneg-sec 0
<ca>
-----BEGIN CERTIFICATE-----
*
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
Issuer: ****************************
Validity
Not Before: ****************************
Not After : ****************************
Subject: ****************************
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
**:**:**:**:**:**:**:**:**:**:**:**:**:**:**:
**:**
Exponent: ***** (0x*****)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
*
X509v3 Authority Key Identifier:
keyid:*
DirName:*
serial:*
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha1WithRSAEncryption
*
-----BEGIN CERTIFICATE-----
*
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
*
-----END RSA PRIVATE KEY-----
</key>
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
-
alfa147x
- OpenVpn Newbie
- Posts: 4
- Joined: Thu May 30, 2013 1:52 pm
Post
by alfa147x » Thu May 30, 2013 2:17 pm
I just tried this with no luck:
Code: Select all
client
dev tun
proto tcp
remote * 443
resolv-retry infinite
nobind
persist-key
persist-tun
cipher BF-CBC
keysize 512
comp-lzo
verb 4
mute 5
tun-mtu 1500
mssfix 1450
auth-user-pass
reneg-sec 0
<ca>
-----BEGIN CERTIFICATE-----
*
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
*
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
*
-----END RSA PRIVATE KEY-----
</key>
-
lolex
- OpenVPN Power User
- Posts: 52
- Joined: Sun Jun 05, 2011 7:50 pm
Post
by lolex » Fri May 31, 2013 11:33 am
Could you post the details of your CA in the same way as you posted the certificate in your first message?
-
alfa147x
- OpenVpn Newbie
- Posts: 4
- Joined: Thu May 30, 2013 1:52 pm
Post
by alfa147x » Fri May 31, 2013 2:38 pm
lolex wrote:Could you post the details of your CA in the same way as you posted the certificate in your first message?
Thanks for the help. All my Ca.crt has in it is:
Code: Select all
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIJANJevG4eanbDMA0GCSqGSIb3DQEBBQUAMIGwMQswCQYD
****************************************************************
A1UEChMScHJvWFBOIERpcmVjdCwgTExDMRMwEQYDVQQLEwpwcm94cG4uY29tMRMw
****************************************************************
hvcNAQkBFhJzdXBwb3J0QHByb3hwbi5jb20wHhcNMTAwNjA4MTQ0NDExWhcNMjAw
****************************************************************
EwxTYW5GcmFuY2lzY28xGzAZBgNVBAoTEnByb1hQTiBEaXJlY3QsIExMQzETMBEG
A1UECxMKcHJveHBuLmNvbTETMBEGA1UEAxMKcHJveHBuLmNvbTETMBEGA1UEKRMK
cHJveHBuLmNvbTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBwcm94cG4uY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAug1oqmSJ6pL4p2B9vr0dx9UM
FihYyJQAG466plFbotHXQwW09s9Tn2qDxaJobCb7uX5d6ax/4ZzAipqBTxDncO05
****************************************************************
5O9GbygT8BpAmFHMy/x9rGgnbQQxoDx/Lb16nCHvZouuQ1m8Vw7knygRe/nLLlzx
yM/wHViLqZiQB3pNlOPyBPLZa7RjNMtsl7LFw+ah9y8Mdfvtc8q5C5z78mgRDTyF
Ild90i/7CbZjcZLGDz7G7pKSxeiAOD4OkHRQA6/OzhVRGaFEsyZH4HuGGrLtXwID
AQABo4IBGTCCARUwHQYDVR0OBBYEFKvNJBpQvaxDdI1exwLB7dJayPrjMIHlBgNV
****************************************************************
EwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEbMBkGA1UE
ChMScHJvWFBOIERpcmVjdCwgTExDMRMwEQYDVQQLEwpwcm94cG4uY29tMRMwEQYD
****************************************************************
AQkBFhJzdXBwb3J0QHByb3hwbi5jb22CCQDSXrxuHmp2wzAMBgNVHRMEBTADAQH/
MA0GCSqGSIb3DQEBBQUAA4IBAQAve0ODYMpPYaKapzivsX8Tr0tp3HIosichqVzs
d1y29ZT1bEqYGAoNOVWcz6nXYP/MDwpU1MJ4EZn5HUX2SPiDOPThqgdfc9KvUc91
****************************************************************
Jjci03/CrFTDT90GFQr+s2aszrxJu2YaKB69XF66x7zwYYYHipJ/THiqBZFwMl4t
****************************************************************
iMWIdmaw17lrIb22Pws7PWTY44RPDBHhZXUU6/ljNJ9qgVgf
-----END CERTIFICATE-----
-
lolex
- OpenVPN Power User
- Posts: 52
- Joined: Sun Jun 05, 2011 7:50 pm
Post
by lolex » Fri May 31, 2013 3:39 pm
Hello,
could you post it in a human readable form? Just like in your first message:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
.....
-
alfa147x
- OpenVpn Newbie
- Posts: 4
- Joined: Thu May 30, 2013 1:52 pm
Post
by alfa147x » Fri May 31, 2013 5:35 pm
lolex wrote:Hello,
could you post it in a human readable form? Just like in your first message:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
.....
Oh. Unfortunately my CA file does not contain anything like that. I posted exactly what my CA file had except for the portions I removed. Is there something else I should look for?
-
lolex
- OpenVPN Power User
- Posts: 52
- Joined: Sun Jun 05, 2011 7:50 pm
Post
by lolex » Mon Jun 03, 2013 8:53 am
If you have access to a linux system then you can create a human readable output via
Code: Select all
openssl x509 -in <YourCA.crt> -noout -text
Then you can censor your personal information and post it here.
