Client Certificate Creation Error

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
amithad
OpenVpn Newbie
Posts: 3
Joined: Fri Dec 11, 2015 5:07 am

Client Certificate Creation Error

Post by amithad » Fri Dec 11, 2015 6:03 am

Hi,

I am trying to create a client certificate on my OpenVPN server on OpenBSD 5.3. My OpenVPN version is 2.0.9

When I try to create a client certificate using easy-rsa 2.0 it asks a challenge password.
When I enter the default option without entering a password it gives the following error inside the code.

Code: Select all

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/2.0/openssl.cnf
CA certificate and CA private key do not match
791647068:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:/usr/src/lib/libssl/crypto/../src/crypto/x509/x509_cmp.c:331:
My openvpn.conf is as follows.

Code: Select all

server 10.8.0.0 255.255.255.0
#push "dhcp-option DNS 192.168.94.11"
dev tun3
float
ifconfig-pool-persist /etc/openvpn/ipp.txt
dh dh1024.pem
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
comp-lzo
proto udp
status /etc/openvpn/openvpn-status.log
verb 3
push "route 192.168.94.0 255.255.255.0"
keepalive 10 120
ping-timer-rem
persist-tun
persist-key
crl-verify /etc/openvpn/easy-rsa/2.0/keys/crl.pem
#daemon
management localhost 7505
Is there a limitation of my free version of OpenVPN of creating certificates which leads to the above error?

Thanks :)
Top
Post Reply

Return to “Server Administration”