OpenVPN error "Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication"

  • Hi everybody,


    I had OpenVPN working under OMV3 perfectly for quite a long time. After the upgrade to OMV4, I reinstalled the plugin and created a new certificate for my client using the GUI. If I now try to connect the client, I get the error mentioned above:


    What can I do?


    Best,
    Aiakos

  • Do all the configuration you need through openmediavault webinterface.


    After you are finished, log in with ssh, edit /etc/openvpn/server.conf and add the following to the end of the file:

    Code
    remote-cert-eku "TLS Web Server Authentication"

    Save and close. Restart openvpn server with:



    Bash
    systemctl restart openvpn

    Should work until you do changes in openmediavault webinterface which removes those lines.

  • Hi Chone,


    in the meantime - without having changed anything - I get this new error:

    Code
    Tue Jun 12 19:44:58 2018 VERIFY ERROR: depth=0, error=unsupported certificate purpose: CN=***
    Tue Jun 12 19:44:58 2018 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
    Tue Jun 12 19:44:58 2018 TLS_ERROR: BIO read tls_read_plaintext error
    Tue Jun 12 19:44:58 2018 TLS Error: TLS object -> incoming plaintext read error
    Tue Jun 12 19:44:58 2018 TLS Error: TLS handshake failed

    What does this mean?

  • Had the same problem, then I found this error in /var/log/openvpn.log

    Code
    Wed Jul 18 11:46:23 2018 MYIP:46585 CRL: cannot read: /etc/openvpn/pki/crl.pem
    Wed Jul 18 11:46:23 2018 MYIP:46585 VERIFY ERROR: CRL not loaded


    so I did this in SSH and it works now.


    Bash
    chown nobody:nogroup /etc/openvpn/pki/crl.pem
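
A read-access check for the "CRL: cannot read" error in the last post, added here as an example and not part of the thread or of the OMV plugin. It assumes the server drops privileges to nobody:nogroup (implied by the chown above); `can_read_as` and its parameters are names made up for this sketch, and it evaluates only classic mode bits, not ACLs.

```python
import os

def _allowed(st, uid, gids, need):
    """Classic owner/group/other check on mode bits (ACLs are ignored)."""
    if uid == 0:
        return True                      # root bypasses these checks
    if st.st_uid == uid:
        bits = st.st_mode >> 6           # owner triplet
    elif st.st_gid in gids:
        bits = st.st_mode >> 3           # group triplet
    else:
        bits = st.st_mode                # other triplet
    return (bits & need) == need

def can_read_as(path, uid, gids, base="/"):
    """Return (ok, blocker) for opening `path` as uid/gids.

    Every directory from `base` down needs search (x) permission and the
    file itself needs read (r). `blocker` is the first path that fails.
    """
    base = os.path.abspath(base)
    rel = os.path.relpath(os.path.abspath(path), base)
    chain = [base]
    for part in rel.split(os.sep):
        chain.append(os.path.join(chain[-1], part))
    for item in chain[:-1]:
        if not _allowed(os.stat(item), uid, gids, 1):
            return False, item
    if not _allowed(os.stat(chain[-1]), uid, gids, 4):
        return False, chain[-1]
    return True, None

if __name__ == "__main__":
    import grp, pwd
    # Assumption: server.conf drops privileges to nobody:nogroup.
    uid = pwd.getpwnam("nobody").pw_uid
    gids = {grp.getgrnam("nogroup").gr_gid}
    ok, blocker = can_read_as("/etc/openvpn/pki/crl.pem", uid, gids)
    print("readable" if ok else f"blocked at {blocker}")
```

A CRL is public, signed data, so it is enough for the unprivileged user to have read access to the file and search access to each parent directory; that user does not need to own the file.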
