problem Android certificate

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
pascalou
OpenVpn Newbie
Posts: 3
Joined: Tue Oct 04, 2022 11:37 am

problem Android certificate

Post by pascalou » Tue Oct 04, 2022 11:45 am

Hello

I launched the VPN of my Synology everything is ok with my Windows PC with the import of the conf file with OpenVPN the connection is done well but with the Android client Open vpn connect for my phone Oneplus 10 Pro under Android 13, I have the following message that there is no certificate . This is the same VPNConfig.ovpn file that I take for my computer.

Can someone help me, but what certificate is it and how to import it?

Thank you[
Image
Last edited by pascalou on Tue Oct 04, 2022 12:41 pm, edited 1 time in total.

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: No Android VPN access .... No certificate

Post by openvpn_inc » Tue Oct 04, 2022 12:34 pm

Hello pascalou,

Looks like your profile is using certificate verification, but only for the server, not the client side. You can try the fix on this page:
https://openvpn.net/faq/how-to-make-the ... icate-key/

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

pascalou
OpenVpn Newbie
Posts: 3
Joined: Tue Oct 04, 2022 11:37 am

Re: No Android VPN access .... No certificate

Post by pascalou » Tue Oct 04, 2022 1:18 pm

openvpn_inc wrote:
Tue Oct 04, 2022 12:34 pm
Looks like your profile is using certificate verification, but only for the server, not the client side. You can try the fix on this page:
https://openvpn.net/faq/how-to-make-the ... icate-key/

Kind regards,
Johan
Hello
For information I have a LE certificate for my Synology
I added in the config file the following line
setenv CLIENT_CERT 0
The error message comes back it has another form see screen copy
Image
Last edited by pascalou on Tue Oct 04, 2022 1:44 pm, edited 1 time in total.

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: problem Android certificate

Post by openvpn_inc » Tue Oct 04, 2022 1:23 pm

Hello again,

The error message "tls_process_server_certificate:certificate verify failed" means that the verification of the identity of the OpenVPN server using the server CA certificate information and the server's public certificate has failed. This means your certificates are simply broken. That is something that cannot be fixed on the client side. This configuration file is simply broken. This can only be solved on the server side.

I suggest you read up on how to implement OpenVPN on Synology and redo the setup. It's possible the certificates currently in use are simply expired and need to be replaced. While you're at it you might look into implementing it with client certificates too so you don't have to put in that option I told you about earlier, but verification of server and client side can proceed as they should.

Good luck,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

pascalou
OpenVpn Newbie
Posts: 3
Joined: Tue Oct 04, 2022 11:37 am

Re: problem Android certificate

Post by pascalou » Tue Oct 04, 2022 3:31 pm

openvpn_inc wrote:
Tue Oct 04, 2022 1:23 pm
Hello again,


I suggest you read up on how to implement OpenVPN on Synology and redo the setup. It's possible the certificates currently in use are simply expired and need to be replaced. While you're at it you might look into implementing it with client certificates too so you don't have to put in that option I told you about earlier, but verification of server and client side can proceed as they should.

Good luck,
Johan
Hello Johan
I made a new certificate with its export and nothing changes
My Windows 10 PC connects to the VPN without any problem, no certificate request

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: problem Android certificate

Post by openvpn_inc » Tue Oct 04, 2022 3:36 pm

Hello pascalou,

A Let's Encrypt certificate should not be used with OpenVPN. OpenVPN should be using your own self-signed certificates. Or would you like everyone that can get a Let's Encrypt certificate to be able to verify against your OpenVPN server? This does not make sense.

Using a Let's Encrypt certificate for a web service that needs to be publicly validated makes sense. I suspect you are now mixing certificates and their use-cases. Using a Let's Encrypt certificate for a VPN service makes absolutely no sense at all.

I suggest again that you read up on how to implement OpenVPN on Synology and redo the setup.

Edit: I see you edited your post afterwards. I can only repeat what I said earlier; if you get certificate verify failed error then the certificates being used are wrong (apparently). I can't fix this in any possible way from my end or in the client side, sorry.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Post Reply