I hope you can help me.
I'm trying to set up OpenVPN AS (v2.8.8) so that it uses certificates from a PKI (Windows PKI) instead of its own certificates, and I am running into an issue. I have followed the OpenVPN article "External public key infrastructure (PKI) | OpenVPN", but I cannot connect with a client. When I switch back to a situation without certificates, the VPN works.
I'm getting an error on the client:
Client version 3.2 -> External Certificate Signing failed
Client version 3.1 -> mbed TLS:SSL read error:X509 - Certificate verification failed, eg. CRl, CA or signature check failed
I suspect an issue with the certificates loaded on the server, but I can't figure it out.
I have created a server certificate and exported it with Windows (PFX). I created a CA bundle by copying my intermediate and root into one file. Then I created the server crt with:
and the key file with
I have used these 3 files for the OpenVPN configuration.
In the server log I see the following error when a client connects:
TLS: Initial packet from [AF_INET]serverext:54155 (via [AF_INET]serverin%eth0), sid=b4888b85 39f44b5b'
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)'
TLS Error: TLS handshake failed'