External certificate not found

Official client software for OpenVPN Access Server and OpenVPN Cloud.
elgranjeff
OpenVpn Newbie
Posts: 1
Joined: Sat May 21, 2022 7:54 pm

External certificate not found

Post by elgranjeff » Sat May 21, 2022 9:27 pm

Hello. I have an openvpn server configured and running on my pfsense router. I am using TLS encryption and auth, and I am attempting to use a certificate in my Android keychain. I have followed this procedure: https://openvpn.net/vpn-server-resource ... d-keychain
  1. I have created a p12 file using my root ca, intermediate ca, certificate, and key and configured an encryption password.
  2. I have imported my p12 using openvpn connect (I've also tried importing directly from android security menu in settings)
  3. I have removed the cert, ca, and key directives from my ovpn file
  4. I have imported the ovpn profile
As per the instructions, after importing the profile (without cert, ca, and key directives), I attempt to open the connection and am asked to either continue without a certificate or select a certificate. When I click select certificate, I am immediately shown an error message that reads:
"There was an error attempting to connect to the selected server.
Error message: External certificate not found. Please select proper certificate for profile."

I have cleared app data, uninstalled, reinstalled, and ensured that the app has file and media permissions allowed with no permissions denied.
Perhaps openvpn doesn't support my certificate, though when I created it with pfsense, I used settings that were noted as compatible with openvpn.

Is there anything that I should be doing differently? Is there anything I can do to troubleshoot?

Please note that I have replaced my actual server hostname with myserver.example.com.

Any suggestions or advice are welcome.
Thank you!

sanitized client config

client
dev tun
remote myserver.example.com 1194 udp
cipher AES-256-GCM
auth SHA256
auth-user-pass
remote-cert-tls server
key-direction bidirectional

<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-crypt>

paleer
OpenVpn Newbie
Posts: 1
Joined: Wed Jul 26, 2023 6:18 pm

Re: External certificate not found

Post by paleer » Wed Jul 26, 2023 6:19 pm

Having the same issue, there are no related errors in the log file.

Note that this is pretty important as it would help with cert rotation: you would only import the rotated cert in the keychain. Otherwise, one would have to keep the .ovpn file in the filesystem and it would expose the tls-crypt key.
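
Added example (not part of either post, and not OpenVPN code): a small audit of an .ovpn profile that confirms step 3 of the procedure in the first post, i.e. that no `ca`, `cert`, `key` or `pkcs12` material remains, and lists the shared secrets such as `tls-crypt` that still sit in the file, which is the exposure the second post mentions. The function name `audit_profile` and the sample profile are assumptions constructed for illustration.

```python
import re

# Directives that carry client identity material; the keychain procedure
# in the post removes these from the profile (step 3).
IDENTITY = {"ca", "cert", "key", "pkcs12"}
# Directives whose inline blocks are shared secrets that stay in the file.
SHARED_SECRETS = {"tls-crypt", "tls-auth", "tls-crypt-v2", "secret"}


def audit_profile(text):
    """Return (identity_leftovers, embedded_secrets) as (line, name, kind)."""
    leftovers, secrets = [], []
    block = None  # name of the inline <tag> block we are inside, if any
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if block:
            if line.lower() == f"</{block}>":
                block = None
            continue  # never interpret key/cert body lines as directives
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"<([A-Za-z0-9-]+)>", line)
        if m:
            name, kind = m.group(1).lower(), "inline"
            block = name
        else:
            name, kind = line.split()[0].lower(), "file"
        if name in IDENTITY:
            leftovers.append((lineno, name, kind))
        elif name in SHARED_SECRETS:
            secrets.append((lineno, name, kind))
    return leftovers, secrets


# Constructed sample: the sanitized profile from the post, plus one
# leftover "cert" line added here to show what a finding looks like.
SAMPLE = """client
dev tun
remote myserver.example.com 1194 udp
remote-cert-tls server
cert client.crt
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-crypt>
"""

if __name__ == "__main__":
    print(audit_profile(SAMPLE))
```

An empty first list means the profile carries no client identity of its own; anything in the second list is a secret that is still readable by whoever can read the profile file.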
