[Solved] PolarSSL The certificate format is invalid, e.g. different type expected
Posted: Thu Oct 13, 2016 8:47 pm
by tzmmtz
Trying to install profile sent by email and get this error on iPhone running 9.3.5. and OpenVPN v1.0.7 build 199.
PolarSSL : error parsing ca certificate : X509 - The certificate format is invalid, e.g. different type expected
This same profile works fine if importing by iTunes.
Anyone have any clues?
Here is the full log..,
Thanks in advance for any help.
2016-10-13 16:32:30 ----- OpenVPN Start -----
OpenVPN core 3.0.11 ios arm64 64-bit built on Apr 15 2016 14:13:50
2016-10-13 16:32:30 Frame=512/2048/512 mssfix-ctrl=1250
2016-10-13 16:32:30 EVENT: CORE_ERROR PolarSSL: error parsing ca certificate : X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected [ERR]
2016-10-13 16:32:30 Raw stats on disconnect:
2016-10-13 16:32:30 Performance stats on disconnect:
CPU usage (microseconds): 2433
Network bytes per CPU second: 0
Tunnel bytes per CPU second: 0
2016-10-13 16:32:30 EVENT: DISCONNECT_PENDING
2016-10-13 16:32:30 ----- OpenVPN Stop -----
Re: PolarSSL The certificate format is invalid, e.g. different type expected
Posted: Fri Oct 14, 2016 10:37 am
by TinCanTech
What is in the profile ?
Re: PolarSSL The certificate format is invalid, e.g. different type expected
Posted: Fri Oct 14, 2016 12:00 pm
by tzmmtz
The iphone.ovpn file and a ca.crt. The xxx's represent the dns name which are removed for this public post. Here is the contents of the .ovpn file.
Thanks for your thoughts TinCanTech.
dev tun
client
resolv-retry infinite
nobind
remote xxx.xxx.com 1195 udp
remote xxx.xxx.com 443 tcp
tls-client
ns-cert-type server
ca ca.crt
comp-lzo
persist-key
persist-tun
verb 3
auth-user-pass
Re: PolarSSL The certificate format is invalid, e.g. different type expected
Posted: Fri Oct 14, 2016 12:28 pm
by TinCanTech
Remove --ns-cert-type server and try again.
Re: PolarSSL The certificate format is invalid, e.g. different type expected
Posted: Fri Oct 14, 2016 6:01 pm
by tzmmtz
At this point I'm a bit mixed up, especially now that I have so many different test files. So, I just restarted from scratch and let me restate....
If I import through iTunes it works fine when the file is a package called iphone.ovpn containing the .ovpn file and the ca.crt. Here is what is in the .ovpn and I just removed the ns-cert-type server and verified it still works.
dev tun
client
resolv-retry infinite
nobind
remote xxx.xxx.com 1195 udp
remote xxx.xxx.com 443 tcp
tls-client
ca ca.crt
comp-lzo
persist-key
persist-tun
verb 3
auth-user-pass
When I sent that by email it wouldn't even import into the OpenVPN app. All I see after clicking on the email attachment is iphone.ovpn OpenVPN Profile 192 bytes and swipe left I see ca.crt certificate (x.509) 1kb
So, my first question now is what is the proper way to email? What I've been trying is...Creating a single file and emailing which then gave me the option to import into OpenVPN profile. But I still get the original error.... PolarSSL The certificate format is invalid, e.g. different type expected.
Re: PolarSSL The certificate format is invalid, e.g. different type expected
Posted: Mon Oct 17, 2016 1:06 am
by tzmmtz
We got it working by telling IOS not to look for a profile ssl cert in the config because we don't use that. We use the username/password combo instead.
Everything fine now.
Re: PolarSSL The certificate format is invalid, e.g. different type expected
