
bad X509 key usage in leaf certificate

Posted: Wed Dec 18, 2013 3:35 pm
by harri
I've got a problem at connection time. AFAICS the certificate chain is verified correctly, but then OpenVPN fails with

VERIFY FAIL -- bad X509 key usage in leaf certificate
Transport Error: PolarSSL: SSL read error : X509 - Certificate verification failed, e.g. CRL, CA or signature check failed
EVENT: CERT_VERIFY_FAIL PolarSSL: SSL read error : X509 - Certificate verification failed, e.g. CRL, CA or signature check failed [ERR]
EVENT: DISCONNECTED

The X509v3 extensions of my certificate are

X509v3 Basic Constraints: critical
    CA:FALSE
X509v3 Key Usage: critical
    Digital Signature, Key Encipherment, Data Encipherment, Key Agreement
X509v3 Extended Key Usage: 
    TLS Web Client Authentication
Netscape Comment: 
    xca certificate

On Linux this works fine, so every helpful comment is highly appreciated.
The OpenVPN app is version 1.0.2.

Re: bad X509 key usage in leaf certificate

Posted: Wed Dec 18, 2013 5:54 pm
by jamesyonan
This error normally occurs when you are using the remote-cert-ku directive to force additional server certificate checks on the client, and those checks are failing.

James
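
An added example, not from the thread or from the OpenVPN project: a sketch that reads the Key Usage line from an openssl-style extension dump of the server certificate and compares it with the values on a client's remote-cert-ku line. The sample certificate text, the directive values a0 88 and all function names are constructed; both an exact-match and an at-least-these-bits comparison are shown because the thread does not say which one the app applies.

```python
# OpenSSL's text names for keyUsage bits, in the hex encoding remote-cert-ku takes.
KU_BITS = {
    "Digital Signature": 0x80, "Non Repudiation": 0x40, "Key Encipherment": 0x20,
    "Data Encipherment": 0x10, "Key Agreement": 0x08, "Certificate Sign": 0x04,
    "CRL Sign": 0x02, "Encipher Only": 0x01, "Decipher Only": 0x8000,
}

# Constructed sample: extensions of a hypothetical server certificate,
# in the `openssl x509 -noout -text` layout.
SAMPLE_SERVER_EXT = """\
X509v3 Basic Constraints: critical
    CA:FALSE
X509v3 Key Usage: critical
    Digital Signature, Key Encipherment, Data Encipherment, Key Agreement
X509v3 Extended Key Usage:
    TLS Web Server Authentication
"""
SAMPLE_DIRECTIVE = "remote-cert-ku a0 88"  # constructed client config line

def key_usage_mask(ext_text):
    """Return the keyUsage bitmask from an extension dump, or None if absent."""
    lines = ext_text.splitlines()
    for i, line in enumerate(lines[:-1]):
        if line.strip().startswith("X509v3 Key Usage"):
            mask = 0
            for name in lines[i + 1].split(","):
                mask |= KU_BITS[name.strip()]  # KeyError on an unknown name
            return mask
    return None

def parse_remote_cert_ku(line):
    """Return the hex values listed on one remote-cert-ku directive line."""
    words = line.split()
    if not words or words[0] != "remote-cert-ku":
        raise ValueError("not a remote-cert-ku directive")
    return [int(w, 16) for w in words[1:]]

def ku_check(cert_mask, expected, exact):
    """exact=True: mask must equal a listed value; False: must contain all its bits."""
    if cert_mask is None:  # assumption: a certificate without keyUsage fails
        return False
    if exact:
        return cert_mask in expected
    return any((cert_mask & e) == e for e in expected)

if __name__ == "__main__":
    mask = key_usage_mask(SAMPLE_SERVER_EXT)
    want = parse_remote_cert_ku(SAMPLE_DIRECTIVE)
    print(f"certificate keyUsage = {mask:#x}, directive accepts {[hex(v) for v in want]}")
    print("exact match:", ku_check(mask, want, exact=True))
    print("at-least-these-bits:", ku_check(mask, want, exact=False))
```

For this sample the certificate's mask is 0xb8, which equals neither 0xa0 nor 0x88 but contains every bit of 0xa0, so the two comparison rules give different verdicts for the same certificate and directive.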

Re: bad X509 key usage in leaf certificate

Posted: Wed Dec 18, 2013 6:48 pm
by harri
Problem solved. :-)
Thanx very much
Harri

Re: bad X509 key usage in leaf certificate

Posted: Wed Dec 25, 2013 8:24 am
by jongyau
Can you provide more information about how to solve the problem?
Many thanks!