Hi,

the log line
"VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=US/ST=NewYork/L=minerals/O=certify.com/OU=R_D/CN=certify/emailAddress=cert...@server1.com"

shows that the client does not trust the server certificate, or the CA certificate that signed the server certificate; verify that you have loaded the right 'ca.crt' file in the client. You can print information about certificates using
 openssl x509 -text -noout -in ca.crt
or
 openssl x509 -subject -issuer -noout -in ca.crt

HTH,

JJK

Richard Francis wrote:

Hi, can anyone help? Greatly appreciative of your expertise.

Fri Oct 07 14:41:38 2011 us=958000 Current Parameter Settings:

Fri Oct 07 14:41:38 2011 us=958000 config = 'VPN.ovpn'

Fri Oct 07 14:41:38 2011 us=958000 mode = 0

Fri Oct 07 14:41:38 2011 us=958000 show_ciphers = DISABLED

Fri Oct 07 14:41:38 2011 us=958000 show_digests = DISABLED

Fri Oct 07 14:41:38 2011 us=958000 show_engines = DISABLED

Fri Oct 07 14:41:38 2011 us=958000 genkey = DISABLED

Fri Oct 07 14:41:38 2011 us=958000 key_pass_file = '[UNDEF]'

Fri Oct 07 14:41:38 2011 us=958000 show_tls_ciphers = DISABLED

Fri Oct 07 14:41:38 2011 us=958000 Connection profiles [default]:

Fri Oct 07 14:41:38 2011 us=958000 proto = tcp-client

Fri Oct 07 14:41:38 2011 us=958000 local = '[UNDEF]'

Fri Oct 07 14:41:38 2011 us=958000 local_port = 0

Fri Oct 07 14:41:38 2011 us=958000 remote = 'vpn.certify.com'

Fri Oct 07 14:41:38 2011 us=958000 remote_port = 443

Fri Oct 07 14:41:38 2011 us=958000 remote_float = DISABLED

Fri Oct 07 14:41:38 2011 us=958000 bind_defined = DISABLED

Fri Oct 07 14:41:38 2011 us=958000 bind_local = DISABLED

Fri Oct 07 14:41:38 2011 us=958000 connect_retry_seconds = 5

Fri Oct 07 14:41:38 2011 us=958000 connect_timeout = 10

Fri Oct 07 14:41:38 2011 us=958000 NOTE: --mute triggered...

Fri Oct 07 14:41:38 2011 us=958000 252 variation(s) on previous 20 message(s) suppressed by --mute

Fri Oct 07 14:41:38 2011 us=958000 OpenVPN 2.1.3 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Aug 20 2010

Fri Oct 07 14:41:38 2011 us=978000 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Fri Oct 07 14:41:38 2011 us=978000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

Fri Oct 07 14:41:39 2011 us=508000 LZO compression initialized

Fri Oct 07 14:41:39 2011 us=528000 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]

Fri Oct 07 14:41:39 2011 us=538000 Socket Buffers: R=[8192->8192] S=[8192->8192]

Fri Oct 07 14:41:39 2011 us=819000 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]

Fri Oct 07 14:41:39 2011 us=819000 Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'

Fri Oct 07 14:41:39 2011 us=819000 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'

Fri Oct 07 14:41:39 2011 us=819000 Local Options hash (VER=V4): '31fdf004'

Fri Oct 07 14:41:39 2011 us=819000 Expected Remote Options hash (VER=V4): '3e6d1056'

Fri Oct 07 14:41:39 2011 us=819000 Attempting to establish TCP connection with 1.1.1.1:443

Fri Oct 07 14:41:39 2011 us=909000 TCP connection established with 1.1.1.1:443

Fri Oct 07 14:41:39 2011 us=909000 TCPv4_CLIENT link local: [undef]

Fri Oct 07 14:41:39 2011 us=909000 TCPv4_CLIENT link remote: 1.1.1.1:443

Fri Oct 07 14:41:39 2011 us=979000 TLS: Initial packet from 1.1.1.1:443, sid=48fe7a7z 189d19pc

Fri Oct 07 14:41:41 2011 us=401000 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=US/ST=NewYork/L=minerals/O=certify.com/OU=R_D/CN=certify/emailAddress=cert...@server1.com

Fri Oct 07 14:41:41 2011 us=401000 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Fri Oct 07 14:41:41 2011 us=401000 TLS Error: TLS object -> incoming plaintext read error

Fri Oct 07 14:41:41 2011 us=401000 TLS Error: TLS handshake failed

Fri Oct 07 14:41:41 2011 us=401000 Fatal TLS error (check_tls_errors_co), restarting

Fri Oct 07 14:41:41 2011 us=401000 TCP/UDP: Closing socket

Fri Oct 07 14:41:41 2011 us=411000 SIGUSR1[soft,tls-error] received, process restarting

Fri Oct 07 14:41:41 2011 us=411000 Restart pause, 5 second(s)

Richard Francis

http://www.pelicancomputers.us

1.847.256.0639
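The CA check suggested in the reply, carried one step further as an added example that is not part of either message: it compares the names printed by `openssl x509 -subject -issuer` and then runs `openssl verify`, which is what exposes a 'ca.crt' with the right name but the wrong key. Every certificate, name and path here is constructed locally for the demonstration.

```shell
#!/bin/sh
# Constructed demo: every key, certificate and name below is generated locally.

# mkca DIR CN: create a self-signed CA (DIR/ca.key, DIR/ca.crt)
mkca() {
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/O=demo/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# mkserver CADIR BASE: issue BASE.crt, signed by the CA in CADIR
mkserver() {
    openssl req -newkey rsa:2048 -nodes -subj "/O=demo/CN=vpn.example.test" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 2 -out "$2.crt" 2>/dev/null
}

# same_name CA CERT: true if the CA's subject equals the certificate's issuer
same_name() {
    [ "$(openssl x509 -noout -subject -in "$1" | sed 's/^subject= *//')" = \
      "$(openssl x509 -noout -issuer -in "$2" | sed 's/^issuer= *//')" ]
}

# chains_to CA CERT: true if CERT's signature verifies against CA
chains_to() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# demo: one server certificate checked against the CA that signed it and
# against a CA with the same name but a different key (e.g. a regenerated CA)
demo() {
    d=$(mktemp -d) || return 1
    mkca "$d/good" "Demo VPN CA" && mkca "$d/stale" "Demo VPN CA" &&
        mkserver "$d/good" "$d/server" || return 1
    for ca in good stale; do
        same_name "$d/$ca/ca.crt" "$d/server.crt" && n=yes || n=no
        chains_to "$d/$ca/ca.crt" "$d/server.crt" && v=yes || v=no
        echo "$ca: name-match=$n verifies=$v"
    done
    rm -rf "$d"
}

demo
```

A client loaded with the "stale" file fails the handshake with a verify error even though the subject and issuer strings look correct, so the signature check is the one to rely on.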


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

