problem Android certificate

[pascalou]

Hello

I launched the VPN of my Synology everything is ok with my Windows PC with the import of the conf file with OpenVPN the connection is done well but with the Android client Open vpn connect for my phone Oneplus 10 Pro under Android 13, I have the following message that there is no certificate . This is the same VPNConfig.ovpn file that I take for my computer.

Can someone help me, but what certificate is it and how to import it?

Thank you[

[openvpn_inc]

Hello pascalou,

Looks like your profile is using certificate verification, but only for the server, not the client side. You can try the fix on this page:
https://openvpn.net/faq/how-to-make-the ... icate-key/

Kind regards,
Johan

[pascalou]

Looks like your profile is using certificate verification, but only for the server, not the client side. You can try the fix on this page:
https://openvpn.net/faq/how-to-make-the ... icate-key/

Kind regards,
Johan

Hello
For information I have a LE certificate for my Synology
I added in the config file the following line
setenv CLIENT_CERT 0
The error message comes back it has another form see screen copy

[openvpn_inc]

Hello again,

The error message "tls_process_server_certificate:certificate verify failed" means that the verification of the identity of the OpenVPN server using the server CA certificate information and the server's public certificate has failed. This means your certificates are simply broken. That is something that cannot be fixed on the client side. This configuration file is simply broken. This can only be solved on the server side.

I suggest you read up on how to implement OpenVPN on Synology and redo the setup. It's possible the certificates currently in use are simply expired and need to be replaced. While you're at it you might look into implementing it with client certificates too so you don't have to put in that option I told you about earlier, but verification of server and client side can proceed as they should.

Good luck,
Johan

[pascalou]

Hello again,


I suggest you read up on how to implement OpenVPN on Synology and redo the setup. It's possible the certificates currently in use are simply expired and need to be replaced. While you're at it you might look into implementing it with client certificates too so you don't have to put in that option I told you about earlier, but verification of server and client side can proceed as they should.

Good luck,
Johan

Hello Johan
I made a new certificate with its export and nothing changes
My Windows 10 PC connects to the VPN without any problem, no certificate request

[openvpn_inc]

Hello pascalou,

A Let's Encrypt certificate should not be used with OpenVPN. OpenVPN should be using your own self-signed certificates. Or would you like everyone that can get a Let's Encrypt certificate to be able to verify against your OpenVPN server? This does not make sense.

Using a Let's Encrypt certificate for a web service that needs to be publicly validated makes sense. I suspect you are now mixing certificates and their use-cases. Using a Let's Encrypt certificate for a VPN service makes absolutely no sense at all.

I suggest again that you read up on how to implement OpenVPN on Synology and redo the setup.

Edit: I see you edited your post afterwards. I can only repeat what I said earlier; if you get certificate verify failed error then the certificates being used are wrong (apparently). I can't fix this in any possible way from my end or in the client side, sorry.

Kind regards,
Johan