Page 1 of 1
ca.crt invalid
Posted: Thu Jan 23, 2020 12:49 am
by jarmar
I am trying to generate all certificates using easyrsa on my Windows PC then copy the certs to my EdgeMAX EdgeRouter 4 which has openvpn. I follow the procedures with no errors yet when I transfer to the router and try to start openvpn I get an error ca.crt invalid. I have done this with easyrsa ver2 with no issues yet with easyrsa ver3 it does not work. Please assist with generating certs that will work on my EdgeRouter.
Re: ca.crt invalid
Posted: Thu Jan 23, 2020 11:22 am
by TinCanTech
And what error is shown in the log file ?
Re: ca.crt invalid
Posted: Thu Jan 23, 2020 5:12 pm
by jarmar
The only messge is "Invalid ca.crt file". Lack of any resolution on this I found instructions to install easy-rsa on CentOS8. I created a new virtual machine, installed openvpn and easy-rsa then generated the certs. The process is the same as on Windows. Once complete i uploaded the certs onto my router and they worked. Not sure why the Windows version of easy-rsa does not work.
Re: ca.crt invalid
Posted: Thu Jan 23, 2020 5:16 pm
by TinCanTech
Probably just a "Coffee / Pasta" error.
Re: ca.crt invalid
Posted: Sat Jan 25, 2020 5:24 am
by jarmar
I am using WinSCP to copy the files between the PC and the Router. It works if I use Linux but not Windows.
Re: ca.crt invalid
Posted: Sat Jan 25, 2020 3:16 pm
by TiTex
i think somebody else had this issue , and it was an windows line encoding issue
convert the file to LF (linux line ending ) from a terminal
dos2unix yourfile , if you don't have this utility there are plenty of text editors that have this feature including Visual Code or notepad2-mod (
https://xhmikosr.github.io/notepad2-mod/)
also make sure you copy the cert/key including the separators
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----