Open VPN TLS Handshake Error

Posted: Sun Jul 04, 2021 6:58 am
by ramin_malek
Hi dear friend, I configured the OpenVPN server, imported the CA and copied the CA to the config file, and changed the OpenVPN version, but the client log still shows:

Sun Jul 04 11:25:56 2021 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Sun Jul 04 11:25:56 2021 TLS_ERROR: BIO read tls_read_plaintext error
Sun Jul 04 11:25:56 2021 TLS Error: TLS object -> incoming plaintext read error
Sun Jul 04 11:25:56 2021 TLS Error: TLS handshake failed

I changed the DH size, the port and the protocol, but the problem still exists.

Re: Open VPN TLS Handshake Error

Posted: Sun Jul 04, 2021 8:44 pm
by TinCanTech
ramin_malek wrote:
Sun Jul 04, 2021 6:58 am
OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
You need to fix your server certificate.

viewtopic.php?f=30&t=22603

Re: Open VPN TLS Handshake Error

Posted: Sun Sep 10, 2023 6:54 pm
by paquette
After my old certificates expired a few days ago, I created new certificates (in large part due to some timely tips from TinCanTech), but I cannot connect to my OpenVPN server from OpenVPN clients with them. I have checked and rechecked the certificates and my installation of them and I am sure everything is right. Nonetheless, my OpenVPN clients are not completing the TLS handshake with my server (the server log is not showing anything suspicious, but the client is failing to verify the server certificate):
Sun Sep 10 13:33:58 2023 us=398688 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Sun Sep 10 13:33:58 2023 us=398688 TLS_ERROR: BIO read tls_read_plaintext error
Sun Sep 10 13:33:58 2023 us=398688 TLS Error: TLS object -> incoming plaintext read error
Sun Sep 10 13:33:58 2023 us=398688 TLS Error: TLS handshake failed
Sun Sep 10 13:33:58 2023 us=399687 TCP/UDP: Closing socket
I spent some time looking through forum threads at your viewtopic.php?f=30&t=22603 reference but can't see anything about "fixing" a certificate when experiencing this problem. Could anyone provide a clearer reference on "fixing" certificate(s) newly created by the latest version of EasyRSA--or even ideas about why they might require "fixing?"

Thanks in advance
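
The client-side "certificate verify failed" error in the logs above means the client could not build a chain from the server certificate to the CA it was given. The following is an added example, not from any poster in this thread, showing how `openssl verify` tells a matching CA file from a stale one; the old-CA/new-CA scenario is an assumption for illustration (the thread does not confirm the cause), and all file and subject names are constructed.

```shell
#!/bin/sh
# Added example: every file name and subject below is constructed.
# Builds two throwaway CAs and one server certificate, then checks which CA
# the server certificate chains to, as a client's CA file would have to.

make_ca() {  # $1 = output prefix, $2 = CA common name
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

make_server_cert() {  # $1 = signing CA prefix, $2 = output prefix
    openssl req -newkey rsa:2048 -nodes -subj "/CN=server" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
        -CAcreateserial -days 30 -out "$2.crt" 2>/dev/null
}

# Returns 0 when certificate $2 verifies against CA file $1, non-zero otherwise.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Prints the fields worth comparing by eye: subject, issuer, validity window.
describe() {
    openssl x509 -in "$1" -noout -subject -issuer -dates
}

demo() {
    dir=$(mktemp -d) || return 1
    make_ca "$dir/old-ca" "Old CA" &&
    make_ca "$dir/new-ca" "New CA" &&
    make_server_cert "$dir/new-ca" "$dir/server" || return 1
    describe "$dir/server.crt"
    for ca in old-ca new-ca; do
        if chains_to "$dir/$ca.crt" "$dir/server.crt"; then
            echo "$ca.crt: server.crt verifies"
        else
            echo "$ca.crt: certificate verify failed"
        fi
    done
    rm -rf "$dir"
}
demo
```

Running the same `openssl verify -CAfile` check with the CA file the client actually loads and the certificate the server actually presents shows whether the two belong to the same PKI.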