OpenVPN Support Forum

Guys,
I need help.
I have um openvpn server that show messages log "CRL HAS EXPIRED" AND "ERROR TLS HANDSHAKE FAILED".
Thank you.

Written for you:
viewtopic.php?f=30&t=22603

Flavio_Analista wrote: ↑

Mon Feb 08, 2021 12:44 am

Guys,
I need help.
I have um openvpn server that show messages log "CRL HAS EXPIRED" AND "ERROR TLS HANDSHAKE FAILED".
Thank you.

In server log:
Tue Feb 16 15:14:36 2021 179.242.8.107:2207 OpenSSL: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
Tue Feb 16 15:14:36 2021 179.242.8.107:2207 TLS_ERROR: BIO read tls_read_plaintext error
Tue Feb 16 15:14:36 2021 179.242.8.107:2207 TLS Error: TLS object -> incoming plaintext read error
Tue Feb 16 15:14:36 2021 179.242.8.107:2207 TLS Error: TLS handshake failed

TinCanTech wrote: ↑

Mon Feb 08, 2021 1:09 am

Written for you:
viewtopic.php?f=30&t=22603

Hello Flavio_Analista,

Are you using the OpenVPN Access Server program on the server side?

> SSL routines:ssl3_get_client_certificate:certificate verify failed

That error usually means your CA certificate and/or client certificate has expired. The solution there is to replace them.

Kind regards,
Johan

Hello,

I am getting also same error in newly generated Certificates.the exact error is

2021-02-25 13:36:31.661606 VERIFY ERROR: depth=1, error=unable to get issuer certificate: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
2021-02-25 13:36:31.661666 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2021-02-25 13:36:31.661678 TLS_ERROR: BIO read tls_read_plaintext error
2021-02-25 13:36:31.661686 TLS Error: TLS object -> incoming plaintext read error
2021-02-25 13:36:31.661694 TLS Error: TLS handshake failed
2021-02-25 13:36:31.661920 SIGUSR1[soft,tls-error] received, process restarting

Please help,stuck on the error since a week

Thanks