
VERIFY KU ERROR

Posted: Tue Mar 29, 2022 1:40 pm
by mdolezal
Hi all,
From one day to the next I'm not able to connect to my ovpn server with the "remote-cert-tls server" option in the config file.
The attempt to log in ends with:

2022-03-26 21:42:43 Certificate does not have key usage extension
2022-03-26 21:42:43 VERIFY KU ERROR

The strange thing is that there were no config changes and no updates as far as I know. On Friday I was able to connect and on Monday I cannot.

Do you have any idea what could be wrong?

Regards

Marek

Re: VERIFY KU ERROR

Posted: Tue Mar 29, 2022 2:03 pm
by TinCanTech
mdolezal wrote:
Tue Mar 29, 2022 1:40 pm
I'm not able to connect to my ovpn server with the "remote-cert-tls server" option in the config
Because your server certificate is too old.
mdolezal wrote:
Tue Mar 29, 2022 1:40 pm
no updates as far as I know. On Friday I was able to connect and on Monday I cannot
gremlins. :twisted:

Re: VERIFY KU ERROR

Posted: Tue Mar 29, 2022 4:25 pm
by mdolezal
Unfortunately this is not only my problem; all users with the option
remote-cert-tls server
are not able to log in.

Re: VERIFY KU ERROR

Posted: Tue Mar 29, 2022 4:48 pm
by TinCanTech
mdolezal wrote:
Tue Mar 29, 2022 4:25 pm
Unfortunately this is not only my problem; all users with the option
remote-cert-tls server
are not able to log in.
Then don't use it.

Re: VERIFY KU ERROR

Posted: Wed Mar 30, 2022 8:02 am
by mdolezal
I know, but it is not safe,
and I need to know what happened.

Re: VERIFY KU ERROR

Posted: Wed Mar 30, 2022 11:37 am
by TinCanTech
You changed something and broke it.

Re: VERIFY KU ERROR

Posted: Sun Apr 03, 2022 9:57 am
by 300000
mdolezal wrote:
Wed Mar 30, 2022 8:02 am
I know, but it is not safe,
and I need to know what happened.
If you want to know why: that is the way support works here. The first time you create an OpenVPN server with default settings, the certificate you create is basic and works with your system. Now you are looking up some info on the internet and trying something more advanced, and then it does not work as you expect. If you and your users want it, you have two options here: buy support so someone can help you, or make the whole OpenVPN server certificate again with the extension added, or you must do it by yourselves to make it work. That is the way open source software continues evolving. You have only been given half of the functions, and if you want more you should pay for it.

To do it correctly you need to edit the openssl config and add an entry for the KU extension, then create the certificate again.
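
The check behind the error in this thread, as an added example that is not from any poster: `remote-cert-tls server` makes the client require a Key Usage extension and the "TLS Web Server Authentication" Extended Key Usage on the server certificate. `check_server_cert` tests a certificate for both, and `make_demo_cert` issues throwaway certificates from a constructed openssl config with and without them. The function names, config section names, CN and file paths are assumptions; the `openssl` command line tool must be installed.

```shell
#!/bin/sh
# Added example; the config section names, CN and file names are constructed.

# check_server_cert FILE: exit 0 only if FILE has both a Key Usage extension
# and the serverAuth Extended Key Usage; prints what is missing otherwise.
check_server_cert() {
    text=$(openssl x509 -in "$1" -noout -text) || return 2
    missing=0
    if ! printf '%s\n' "$text" | grep -q 'X509v3 Key Usage'; then
        echo "$1: no Key Usage extension (the VERIFY KU ERROR case)"
        missing=1
    fi
    if ! printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication'; then
        echo "$1: no serverAuth Extended Key Usage"
        missing=1
    fi
    return "$missing"
}

# make_demo_cert OUT SECTION: throwaway self-signed cert whose extensions come
# from SECTION ("bare" = no KU, "server" = KU and EKU added in the config).
make_demo_cert() {
    cfg=$(mktemp) || return 2
    cat > "$cfg" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = demo-openvpn-server
[ bare ]
basicConstraints = CA:FALSE
[ server ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$cfg" \
        -extensions "$2" -keyout "$cfg.key" -out "$1" 2>/dev/null
    status=$?
    rm -f "$cfg" "$cfg.key"
    return "$status"
}

# Demo: the cert without keyUsage is flagged, the reissued one passes.
demo_dir=$(mktemp -d)
make_demo_cert "$demo_dir/bare.pem" bare
check_server_cert "$demo_dir/bare.pem" || echo "-> reissue with keyUsage set"
make_demo_cert "$demo_dir/server.pem" server
check_server_cert "$demo_dir/server.pem" && echo "server.pem: OK"
```

To inspect a real server certificate, call `check_server_cert` on its PEM file; a certificate that fails has to be reissued by its CA with the extensions set, since they cannot be added to an already signed certificate.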