bad X509 key usage in leaf certificate

Official client software for OpenVPN Access Server and OpenVPN Cloud.
harri
OpenVpn Newbie
Posts: 3
Joined: Wed Dec 18, 2013 3:06 pm

bad X509 key usage in leaf certificate

Post by harri » Wed Dec 18, 2013 3:35 pm

I've got a problem at connection time. AFAICS the certificate chain is verified correctly, but then OpenVPN fails with

VERIFY FAIL -- bad X509 key usage in leaf certificate
Transport Error: PolarSSL: SSL read error : X509 - Certificate verification failed, e.g. CRL, CA or signature check failed
EVENT: CERT_VERIFY_FAIL PolarSSL: SSL read error : X509 - Certificate verification failed, e.g. CRL, CA or signature check failed [ERR]
EVENT: DISCONNECTED

The X509v3 extensions of my certificate are

X509v3 Basic Constraints: critical
    CA:FALSE
X509v3 Key Usage: critical
    Digital Signature, Key Encipherment, Data Encipherment, Key Agreement
X509v3 Extended Key Usage: 
    TLS Web Client Authentication
Netscape Comment: 
    xca certificate

On Linux this works fine, so every helpful comment is highly appreciated.
The OpenVPN app is version 1.0.2.

jamesyonan
OpenVPN Inc.
Posts: 169
Joined: Thu Jan 24, 2013 12:13 am

Re: bad X509 key usage in leaf certificate

Post by jamesyonan » Wed Dec 18, 2013 5:54 pm

This error normally occurs when you are using the remote-cert-ku directive to force additional server certificate checks on the client, and those checks are failing.

James
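
A way to check a certificate's Key Usage against a remote-cert-ku list by hand, as an added example that is not part of the original thread and is not OpenVPN's code. The Key Usage line from the first post is used only as sample input, and the allowed list a0 88 is the pair the OpenVPN 2.3 manual gives as the key usage part of remote-cert-tls server. Assumptions: exact matching models OpenVPN 2.x before 2.4, the subset mode models 2.4 and later, and the app's own check is not shown on the page.

```python
# Added example: turn an openssl-style "X509v3 Key Usage" line into the hex
# value that remote-cert-ku lists, then test it against the allowed values.

# RFC 5280 KeyUsage bits as OpenSSL names them in "openssl x509 -text".
KU_BITS = {
    "digital signature": 0x80,
    "non repudiation": 0x40,
    "key encipherment": 0x20,
    "data encipherment": 0x10,
    "key agreement": 0x08,
    "certificate sign": 0x04,
    "crl sign": 0x02,
    "encipher only": 0x01,
    "decipher only": 0x8000,
}


def ku_value(line):
    """Return the key usage bitmask for a comma-separated list of names."""
    value = 0
    for name in line.split(","):
        key = name.strip().lower()
        if key not in KU_BITS:
            raise ValueError(f"unknown key usage name: {name.strip()!r}")
        value |= KU_BITS[key]
    return value


def ku_accepted(cert_ku, allowed_hex, exact=True):
    """Check cert_ku against remote-cert-ku style hex strings.

    exact=True : certificate value must equal one listed value
                 (assumed pre-2.4 behaviour).
    exact=False: certificate must carry at least the bits of one listed
                 value (assumed 2.4+ behaviour).
    """
    allowed = [int(v, 16) for v in allowed_hex]
    if exact:
        return cert_ku in allowed
    return any(a != 0 and (cert_ku & a) == a for a in allowed)


if __name__ == "__main__":
    # Key Usage line copied from the certificate dump in the first post.
    posted = "Digital Signature, Key Encipherment, Data Encipherment, Key Agreement"
    ku = ku_value(posted)
    print(f"key usage value: {ku:02x}")
    print("exact match against a0 88:", ku_accepted(ku, ["a0", "88"]))
    print("subset match against a0 88:", ku_accepted(ku, ["a0", "88"], exact=False))
```

A certificate carrying extra key usage bits fails the exact comparison even though it contains every bit of an allowed value, which is one way the same certificate can pass on one client and fail on another.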

harri
OpenVpn Newbie
Posts: 3
Joined: Wed Dec 18, 2013 3:06 pm

Re: bad X509 key usage in leaf certificate

Post by harri » Wed Dec 18, 2013 6:48 pm

Problem solved. :-)
Thanx very much
Harri

jongyau
OpenVpn Newbie
Posts: 1
Joined: Mon Aug 05, 2013 3:18 am

Re: bad X509 key usage in leaf certificate

Post by jongyau » Wed Dec 25, 2013 8:24 am

Can you provide more information about how to solve the problem?
Many thanks!
