Error x509 - The CRT/CRL/CSR format is invalid
Posted: Mon Mar 25, 2019 5:15 am
Hello there,
I've been unable to connect to my VPN that was working flawlessly before.
I don't know if by updating OpenVPN iOS app something could have stopped working or if I'm doing something wrong after an update.
I tried to regenerate all keys to avoid a mismatch with old keys but the problem persists.
I'm using DD-WRT OpenVPN server (2.4.6 with OpenSSL 1.1.1a) and OpenVPN 2.4.7 to generate the keys. OpenVPN on iOS is on v3.0.2.
Whenever I try to connect, I receive this message:
"mbed TLS: error parsing cert certificate: X509 - The CRT/CRL/CSR format is invalid, eg. different type expected"
Server Config:
TUN
TCP
AES-256 CBC
SHA512
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
LZO Compression Adaptive
Public Server Cert
Certificate:
Data:
...
-----BEGIN CERTIFICATE-----
KEY
-----END CERTIFICATE-----
CA Cert
-----BEGIN CERTIFICATE-----
KEY
-----END CERTIFICATE-----
Private Server Key
-----BEGIN PRIVATE KEY-----
KEY
-----END PRIVATE KEY-----
DH PEM
-----BEGIN DH PARAMETERS-----
KEY
-----END DH PARAMETERS-----
TLS Auth Key
-----BEGIN OpenVPN Static key V1-----
KEY
-----END OpenVPN Static key V1-----
mode server
tls-server
key-direction 0
tls-version-min 1.2
tls-cipher "DEFAULT:@SECLEVEL=0"
verb 5
Client Config:
#Tells OpenVPN where the remote server is located
remote IP PORT
#Put OpenVPN into client mode
client
#Set the remote server certification type
remote-cert-tls server
#Set the VPN type (TUN vs TAP)
dev tun
#Set the protocol being used
proto tcp
#Make OpenVPN retry indefinitely when a connection is dropped
resolv-retry infinite
#Nobind
nobind
#Persist
persist-key
persist-tun
#Required for TUN connections, optional for TAP
float
#Setup TLS use for the tunnel
#Force minimum version use to prevent vulnerabilities in older versions
tls-version-min 1.2
#Set the TLS cipher type
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
#Set the data encryption cipher type
cipher AES-256-CBC
#Set the authentication hashing cipher type
auth SHA512
#Request the server re-negotiate keys every 5 minutes
reneg-sec 300
#Tell the client that LZO Compression is in use
comp-lzo
#Set the VPN Tunnel as the default gateway for the client machine
redirect-gateway def1
#TLS Configuration
key-direction 1
tls-client
<ca>
-----BEGIN CERTIFICATE-----
KEY
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE REQUEST-----
KEY
-----END CERTIFICATE REQUEST-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
KEY
-----END PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
KEY
-----END OpenVPN Static key V1-----
</tls-auth>
App Settings:
Reconnect On Wakeup: ON
Seamless Tunnel: ON
VPN Protocol: TCP
IPV6: NO PREFERENCE
Connection Timeout: CONTINUOUSLY RETRY
Allow Compression: NO
AES-CBC: Check
Minimum TLS Version 1.2
Any help is appreciated,
Thanks
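A PEM label check for the inline blocks of a client profile laid out like the one posted above, where `<cert>` holds a `CERTIFICATE REQUEST` (a CSR) rather than a signed `CERTIFICATE`. This is an added example, not part of the original post; the function name, the accepted-label table and the sample profile are constructed for illustration.

```python
import re

# Assumption: PEM labels accepted per inline block, limited to the blocks used in the post.
EXPECTED = {
    "ca": {"CERTIFICATE"},
    "cert": {"CERTIFICATE"},
    "key": {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"},
    "tls-auth": {"OpenVPN Static key V1"},
}
BLOCK_RE = re.compile(r"^<([a-z-]+)>\n(.*?)\n</\1>$", re.S | re.M)
BEGIN_RE = re.compile(r"^-----BEGIN ([^-]+)-----\s*$", re.M)

def check_inline_blocks(config_text):
    """Return (block, message) findings; an empty list means every label fits its block."""
    findings = []
    text = config_text.replace("\r\n", "\n")
    for name, body in BLOCK_RE.findall(text):
        allowed = EXPECTED.get(name)
        if allowed is None:
            continue  # block type not covered by this check
        labels = BEGIN_RE.findall(body)
        if not labels:
            findings.append((name, "no PEM BEGIN line found"))
        for label in labels:
            if label not in allowed:
                findings.append((name, f"contains '{label}', expected one of {sorted(allowed)}"))
            if f"-----END {label}-----" not in body:
                findings.append((name, f"missing END line for '{label}'"))
    return findings

# Constructed sample mirroring the layout of the posted client config (bodies are placeholders).
SAMPLE = """client
<ca>
-----BEGIN CERTIFICATE-----
KEY
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE REQUEST-----
KEY
-----END CERTIFICATE REQUEST-----
</cert>
"""

if __name__ == "__main__":
    for block, message in check_inline_blocks(SAMPLE):
        print(f"<{block}>: {message}")
```

The check only reads the BEGIN/END lines, so it can be run on a profile before it is imported into a client without touching the key material.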