OpenVPN Support Forum

Getting the following error when attempting to connect:
OpenVPN server certificate verification failed : PolarSSL: SSL read error : X509 - Certifcate verification failed, e.g. CRL, CA or signature check failed
Log shows:
VERIFY FAIL CERT_NOT_TRUSTED : depeth=1
(Can't find where to copy the log from.)
Server is OpenVPN on Ubuntu Trusty.
The same certificates (server and client) work fine (and same config except TAP settings for windows) with OpenVPN client under Window 8.1.

Any ideas?

The same problem.
OpenVPN Connect 1.1.14 (build 56)
Probably the problem has arisen after updating (the previous version worked fine)

I tried "OpenVPN for Android" instead (https://play.google.com/store/apps/deta ... kt.openvpn) and that appears to work fine. Although I haven't done much testing with it.

kQLAeQ,

OpenVPN Connect 1.1.14 (build 56) does include a PolarSSL update to 1.3.7.

If you can email additional details such as the problem certificate chain on the server side to our support email at android@openvpn.net, we will investigate further.

Thanks,
James

Thanks. I'll give it another try in a week or so. My Nexus 5 stop charging, so I'm waiting for warranty replacement.

Hi,

Similar issue here since updating to App-Version 1.1.4
Clients: Nexus4 and Nexus7
Server: Debian Wheezy (OpenVpn 2.2.1)
key-,crt- and crl-files created using easy-rsa coming with that version.
Used to work on a daily base for several month.
Nothing changed except the Android-App.
Other App "OpenVPN for Android" still works with same keys.
ErrorMessage: OpenVPN core error : PolarSSL: error parsing CRL :
X509 The CRT/CRL/CSR format is invalid, e.g. different type expected
When removing the crl-verify from the config, it seems to work.

Bye..
Michael

Hi,

In order to track down the underlying issue I'd like to ask anyone with a key, crt, crl combination that works with the old version and not with the new version to share it with us at "support at polarssl dot org".. If you do send it to us, please put it in a tarball / zip and do not use it for secure communication again and generate a new set to work with..

Thanks in advance and with your help we hope to be able to track this down real soon!

Paul Bakker
Lead Maintainer PolarSSL.

Hello

I have the same problem with the new OpenVPN connect 1.1.12. Certificate cannot be verified on Android.

With OpenVPN connect 0.6.11 from my backup I have no problem.

I use TLS-AUTH key, CA and Client-Certs but no CRL. The whole config works fine from iOS devices!

pjbakker wrote:In order to track down the underlying issue I'd like to ask anyone with a key, crt, crl combination that works with the old version and not with the new version to share it with us at "support at polarssl dot org".. If you do send it to us, please put it in a tarball / zip and do not use it for secure communication again and generate a new set to work with..

I sent an email with a link to a cert as requested.

Any news on this subject ?

It will be fixed in a next PolarSSL 1.3.8 release. Then OpenVPN Connect will have to release a new version as well.

Ok, thank you for the reply (and the fix)

PolarSSL 1.3.8 was just released
https://github.com/polarssl/polarssl/bl ... /ChangeLog

Hopefully the OPenVPN Connect app will be updated soon!

Same issue with the New S5, anyone know when the update will happen

Could you please release a new version with updated PolarSSL?

same issue on a Acer 4.4.4 tablet any updates ? or has any one have a work around

Workaround would be to use an older version. Just download apk file by searching google OpenVPN Connect 1.1.13

digital0 wrote:Workaround would be to use an older version. Just download apk file by searching google OpenVPN Connect 1.1.13

thanks.