Openvpn Cannot load CA certificate

ruudsplint · #1 20th June 2008, 11:24 AM

I am try to setup a Openvpn connection from within NetworkManager and get the following error:

Quote:

[root@W070022 ruud]# cat /var/log/messages | grep openvpn
Jun 20 12:02:02 W070022 NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.openvpn'...
Jun 20 12:02:02 W070022 NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' started (org.freedesktop.NetworkManager.openvpn), PID 23765
Jun 20 12:02:02 W070022 NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.openvpn' just appeared, activating connections
Jun 20 12:02:02 W070022 nm-openvpn[23768]: OpenVPN 2.1_rc7 x86_64-redhat-linux-gnu [SSL] [LZO2] [EPOLL] built on Feb 21 2008
Jun 20 12:02:02 W070022 nm-openvpn[23768]: WARNING: file '/home/ruud/.openvpn/client1.key' is group or others accessible
Jun 20 12:02:02 W070022 nm-openvpn[23768]: Cannot load CA certificate file /home/ruud/.openvpn/ca.key path (null) (SSL_CTX_load_verify_locations) (OpenSSL)
Jun 20 12:02:02 W070022 nm-openvpn[23768]: Exiting

Quote:

[root@W070022 ruud]# rpm -qa | grep openvpn
openvpn-2.1-0.25.rc7.fc9.x86_64
NetworkManager-openvpn-0.7.0-10.svn3632.fc9.x86_64

jamesapnic · #2 6th July 2008, 05:43 PM

Hey there,

It looks like you have not copied the ca.key for your certificate authority into the directory

Quote:

/home/ruud/.openvpn/

You can get this from your administrator, or if you generated your own keys it will be in

Quote:

/etc/openvpn

on the server.

ruudsplint · #3 7th July 2008, 09:25 AM

Thank for your reaction, but that is not the problem....

Quote:

[ruud@W070022 ~]$ ll .openvpn/
total 24
-rw-r--r-- 1 ruud ruud 887 2008-06-09 15:57 ca.key
-rw-r--r-- 1 ruud ruud 3728 2008-06-09 16:01 client1.crt
-rw-rw-rw- 1 ruud ruud 887 2008-06-09 16:01 client1.key

froggy06071968 · #4 31st December 2008, 09:04 AM

Hi,

I had the same problem the solution is very simple:

In your config you find something like this:

Code:

# SSL/TLS parms.
# See the server config file for more
# description.  It's best to use
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.
ca   '/etc/openvpn/cacert.pem'
cert '/etc/openvpn/cert.pem'
key  '/etc/openvpn/key.pem'

remove the quotes around the ca, cert and key and everything should work fine although it did it for me

Now it should look like this

Code:

# SSL/TLS parms.
# See the server config file for more
# description.  It's best to use
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.
ca   /etc/openvpn/cacert.pem
cert /etc/openvpn/cert.pem
key  /etc/openvpn/key.pem

I had the same error on my windows client

and also linux client

David Becker · #5 31st December 2008, 11:51 AM

Quote:

Originally Posted by ruudsplint

I am try to setup a Openvpn connection from within NetworkManager and get the following error:

It's telling you to change the permissions. That should be your first approach.

Why are you using the ca key? You normally never use this other than for generating/verifying certificates (it's private).

You want the ca.crt

David