OpenVPN Support Forum

Posted: **Sat Aug 03, 2019 4:47 pm**

Good morning

He made the process for the creation of OpenVPN clients and when he exported the keys and the step to the client that manages a PC with Windows 10 pro does not connect, the antivirus is enough, under the firewal, the OpenVPN client was installed again but nothing

The error:

Sat Aug 03 10:19:22 2019 WARNING: Ignoring option 'dh' in tls-client mode, please only include this in your server configuration
Sat Aug 03 10:19:22 2019 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 25 2019
Sat Aug 03 10:19:22 2019 Windows version 6.2 (Windows 8 or greater) 64bit
Sat Aug 03 10:19:22 2019 library versions: OpenSSL 1.1.0j 20 Nov 2018, LZO 2.10
Enter Management Password:
Sat Aug 03 10:19:22 2019 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat Aug 03 10:19:22 2019 OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak
Sat Aug 03 10:19:22 2019 Cannot load certificate file asecartagena2.crt
Sat Aug 03 10:19:22 2019 Exiting due to fatal error

I appreciate your prompt collaboration on the subject.

Att:
Juan Diaz
Admon. Sistemas

Posted: **Sat Aug 03, 2019 5:54 pm**

juanpa wrote: ↑
Sat Aug 03, 2019 4:47 pm
OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak

You need a new PKI from scratch or you run with zero security.

Posted: **Sat Aug 03, 2019 6:48 pm**

Good afternoon In other words, all the software must be installed again. Thank you

Posted: **Sat Aug 03, 2019 7:12 pm**

juanpa wrote: ↑
Sat Aug 03, 2019 6:48 pm
In other words, all the software must be installed again

No.

TinCanTech wrote: ↑
Sat Aug 03, 2019 5:54 pm
You need a new PKI from scratch or you run with zero security

Create a new PKI using easyrsa.
https://github.com/OpenVPN/easy-rsa/releases

TinCanTech wrote: ↑
Sat Aug 03, 2019 5:54 pm
OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak

OpenSSL refuses to load your ca.crt because its MD5 hash is considered to be broken.

Posted: **Mon Aug 05, 2019 9:05 pm**

Good afternoon, when creating the pki, where it should be placed, to fix the error.
Thank you.

Posted: **Mon Aug 05, 2019 10:23 pm**

I advise you to contact your server administrator.

Posted: **Tue Aug 06, 2019 12:05 pm**

Good morning, the administrator is not there, is there any document that guides me to do the process, thanks.

Posted: **Tue Aug 06, 2019 12:06 pm**

You cannot create a PKI for your VPN unless you are the administrator. Contact that person.

Posted: **Thu Aug 08, 2019 2:14 am**

Thank you.
I'll try

OpenVPN Support Forum

Error Creando Cliente

Error Creando Cliente

Re: Error Creando Cliente

Re: Error Creando Cliente

Re: Error Creando Cliente

Re: Error Creando Cliente

Re: Error Creando Cliente

Re: Error Creando Cliente

Re: Error Creando Cliente

Re: Error Creando Cliente