Inline cert/key woes.
Posted: Wed Dec 08, 2021 11:16 am
Hi, I'm trying to set up a config with inline everything for the purposes of the iOS client. After some IRC help I managed to get the inline strings of keys and certificates, so I copied the output of openssl base64 -in file.crt/key/pem to a structure similar to this example. I checked and I copied it correctly and I can't find any issues with the tags, but I'm still getting:
The config looks like this:
I guess the problem is with the .pem file used in <ca>? I tried was also getting these before I started playing with the "DEFAULT:@SECLEVEL=0" line for some reason, not getting it anymore:
Oh and the iOS OpeVPN Connect client throws out just a nonspecific "parse_hex_error".
Any help is appreciated!
Code: Select all
OpenSSL: error:0906D064:PEM routines:PEM_read_bio:bad base64 decode
OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM libCode: Select all
tls-client
dev tun
remote vpn.server.com
proto udp
port 1194
pull
#tls-cipher "DEFAULT:@SECLEVEL=0"
comp-lzo
verb 5
resolv-retry infinite
nobind
key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
LS0tLS1C[...]tLS0tLQ0K
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
Iw0KIy[...]LS0tLQ0K
-----END OpenVPN Static key V1-----
</tls-auth>
<key>
-----BEGIN RSA PRIVATE KEY-----
LS0tLS1[...]ktLS0tLQo=
-----END RSA PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----
Q2VydGl[...]RS0tLS0tCg==
-----END CERTIFICATE-----
</cert>Code: Select all
OpenSSL: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
OpenSSL: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error
OpenSSL: error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib
OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM libAny help is appreciated!