Windows Client Problem:"Cannot load inline certificate file"
Posted: Wed Sep 17, 2014 9:13 pm
I installed OpenVPN and easy-rsa on a CentOS 6.5 server and OpenVPN for Windows on a Win 8 client. After creating the certs and keys, I copied the ca.cert, client.cert, and client.key files to the config directory on the client. When I try to connect, however, I get "Cannot load inline certificate file:error:0906D06C:PEM routines:PEM_read_bio:no start line:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib"
I basically followed the instructions at https://www.digitalocean.com/community/ ... n-centos-6. I did not run the wget and rpm commands suggested. I started with "yum install openvpn". Everything seemed to install correctly.
I also had to install easy-rsa, separately, since it seems it is no longer bundled with openvpn. Here again, I just ran "yum install easy-rsa" and got it from a public repository.
Another thing I did differently was to add the line, "ns-cert-type server", to the end of the client.ovpn file they suggested because, without it, I got another error: "No server certificate verification method has been enabled...".
I opened a port in our firewall to forward inbound UDP traffic on port 1194 to the CentOS box. I also went to Google and entered "what is my ip". It returned the correct public IP address.
I did notice there is one significant difference between the client.ovpn file the instructions suggested and the examples I have found elsewhere. My file, following the instructions, references the cert and key files as follows.
<ca>
Contents of ca.crt
</ca>
<cert>
Contents of client.crt
</cert>
<key>
Contents of client.key
</key>
The examples I have found elsewhere reference these files as follows.
ca ca.crt
cert client.crt
key client.key
I modified the file to reference them this way; but, then no information is returned at all when I try to connect. I just get the OpenVPN Connection (client) dialog box with an empty panel that eventually times out.
I've spent over half the day working on this and searching for a solution with no luck. Any assistance anyone can offer will be greatly appreciated.
Thanks
PS
Below is the entire contents of my client.ovpn file. Maybe someone will see some problems with it.
client
dev tun
proto udp
remote x.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
<ca>
Contents of ca.crt
</ca>
<cert>
Contents of client.crt
</cert>
<key>
Contents of client.key
</key>
ns-cert-type server
I basically followed the instructions at https://www.digitalocean.com/community/ ... n-centos-6. I did not run the wget and rpm commands suggested. I started with "yum install openvpn". Everything seemed to install correctly.
I also had to install easy-rsa, separately, since it seems it is no longer bundled with openvpn. Here again, I just ran "yum install easy-rsa" and got it from a public repository.
Another thing I did differently was to add the line, "ns-cert-type server", to the end of the client.ovpn file they suggested because, without it, I got another error: "No server certificate verification method has been enabled...".
I opened a port in our firewall to forward inbound UDP traffic on port 1194 to the CentOS box. I also went to Google and entered "what is my ip". It returned the correct public IP address.
I did notice there is one significant difference between the client.ovpn file the instructions suggested and the examples I have found elsewhere. My file, following the instructions, references the cert and key files as follows.
<ca>
Contents of ca.crt
</ca>
<cert>
Contents of client.crt
</cert>
<key>
Contents of client.key
</key>
The examples I have found elsewhere reference these files as follows.
ca ca.crt
cert client.crt
key client.key
I modified the file to reference them this way; but, then no information is returned at all when I try to connect. I just get the OpenVPN Connection (client) dialog box with an empty panel that eventually times out.
I've spent over half the day working on this and searching for a solution with no luck. Any assistance anyone can offer will be greatly appreciated.
Thanks
PS
Below is the entire contents of my client.ovpn file. Maybe someone will see some problems with it.
client
dev tun
proto udp
remote x.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
<ca>
Contents of ca.crt
</ca>
<cert>
Contents of client.crt
</cert>
<key>
Contents of client.key
</key>
ns-cert-type server