I have recently obtained the three required parts for the SSL certificate and installed since then (yesterday) each time any clients attempt to connect they get this message
Unexpected error: untrusted_cert: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
I am not technically qualified and have lost me technical manager. could someone assist me with this problem please as it is urgent.
Thanks
SSL Certificate problem - urgent
-
mike1954
- OpenVpn Newbie
- Posts: 2
- Joined: Sun Jan 29, 2012 9:19 am
-
alexlist
- OpenVpn Newbie
- Posts: 2
- Joined: Fri Feb 17, 2012 4:27 am
Re: SSL Certificate problem - urgent
Mike,
I guess you'll need to give us more details on what exactly you did.
What version of OpenVPN AS are you using, on what OS?
What version of OpenVPN client are you using, on what OS?
The error indicates that the CA certificate for the Client cert you are using could not be found on the client. You might want to consider creating CACert certificates for this purpose.
After creating a user account on CACert, you will have to create a CSR:
http://wiki.cacert.org/CSR
With this CSR, you can request a server certificate for your server from CACert. Use a class 3 certificate. You will need to specify the fully qualified host name (FQDN) of your OpenVPN AS when creating the CSR.
Then, you want to add the CACert Class 3 Certificate to your client's certificate store - that depends on the browser you're using.
I successfully installed OpenVPN AS today, used CAcert Class 3 certificates (http://www.cacert.org/) for the server, added a user, downloaded the client configuration file for autologin as the user, and connected.
I have been using OpenVPN (the community version) for quite some time because it's a lot less painful than setting up IPsec on Linux, but honestly, I'm amazed how straightforward and painless it was to set up OpenVPN AS on Ubuntu 11.10 x86_64. My client is an outdated Fedora 13 x86_64, and it still *just worked*.
I guess you'll need to give us more details on what exactly you did.
What version of OpenVPN AS are you using, on what OS?
What version of OpenVPN client are you using, on what OS?
The error indicates that the CA certificate for the Client cert you are using could not be found on the client. You might want to consider creating CACert certificates for this purpose.
After creating a user account on CACert, you will have to create a CSR:
http://wiki.cacert.org/CSR
With this CSR, you can request a server certificate for your server from CACert. Use a class 3 certificate. You will need to specify the fully qualified host name (FQDN) of your OpenVPN AS when creating the CSR.
Then, you want to add the CACert Class 3 Certificate to your client's certificate store - that depends on the browser you're using.
I successfully installed OpenVPN AS today, used CAcert Class 3 certificates (http://www.cacert.org/) for the server, added a user, downloaded the client configuration file for autologin as the user, and connected.
I have been using OpenVPN (the community version) for quite some time because it's a lot less painful than setting up IPsec on Linux, but honestly, I'm amazed how straightforward and painless it was to set up OpenVPN AS on Ubuntu 11.10 x86_64. My client is an outdated Fedora 13 x86_64, and it still *just worked*.