External certificate signing failed
Posted: Mon Dec 05, 2022 2:33 pm
Hi,
I created a certificate on my OPNsense firewall for VPN connections. It contained a .ovpn, a .p12 and a .key file. With these files I get a VPN connection on my Linux distribution. I would like to use OpenConnect v3 on my Windows 10 too, but I get errors.
The first error message was that CA is not defined. I exported an extra CA file from my server. Then I added a line to my config file (ca my_ca_file.crt). OK, this seems to be OK; after this modification I get the error mentioned in the subject: external certificate signing failed. Somebody was able to resolve this problem by putting the ca line in the middle of the config body, but it doesn't work for me.
This is my config file:
cipher AES-256-CBC
auth SHA512
client
resolv-retry infinite
remote my_server_ip 1194 udp
lport 0
verify-x509-name "C=DE, ST=NRW, L=my_city, O=Administration, emailAddress=my_email_address, CN=internal-server-crt" subject
remote-cert-tls server
comp-lzo no
ca my_ca_file.crt
pkcs12 OpenVPN_Server_Level5_tbarth_28.p12
tls-auth OpenVPN_Server_Level5_tbarth_28-tls.key 1
Is there still something wrong here?