> the cipher list looks OK; I've just tried in my setup and it's definitely the
> TLS cipher, not the "cipher" option - that would lead to a different error
> message.
>
> something just popped up in my mind: what kind of certificates are you using?
> if you're using ECDSA based certificates and use SHA256 signing then it would
> fail - the currently released version of OpenVPN does not support that. Try
> using "regular" RSA type certificates (there you can use SHA2 hashes).
>
> You can determine what's used in your certificate by posting/looking at
>   openssl x509 -text -noout -in cert/distal-ca.crt
>   openssl x509 -text -noout -in cert/distalvpn.crt

Pretty sure they’re just standard RSA. Generated with openssl req and openssl ca, IIRC. Appended…

Are these using SHA1, and I need SHA2?

- Chris

% openssl x509 -text -noout -in cert/distal-ca.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: AA:BB:CC
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=Maryland, O=Distal Thoughts, CN=Distal Thoughts Certificate Authority/emailAddress=c...@distal.com
        Validity
            Not Before: Dec 8 22:59:21 2013 GMT
            Not After : Dec 8 22:59:21 2033 GMT
        Subject: C=US, ST=Maryland, O=Distal Thoughts, CN=Distal Thoughts Certificate Authority/emailAddress=c...@distal.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    CC:DD:EE
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:BB
            X509v3 Authority Key Identifier:
                keyid:AA:BB
                DirName:/C=US/ST=Maryland/O=Distal Thoughts/CN=Distal Thoughts Certificate Authority/emailAddress=c...@distal.com
                serial:DD:EE
            X509v3 Basic Constraints:
                CA:TRUE
            X509v3 Key Usage:
                Certificate Sign, CRL Sign
            Netscape Cert Type:
                SSL CA, S/MIME CA
    Signature Algorithm: sha1WithRSAEncryption
         DD:EE:FF
% openssl x509 -text -noout -in cert/distalvpn.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: AA:BB:CC
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=Maryland, O=Distal Thoughts, CN=Distal Thoughts Certificate Authority/emailAddress=c...@distal.com
        Validity
            Not Before: Apr 8 21:38:36 2015 GMT
            Not After : Apr 9 21:38:36 2025 GMT
        Subject: C=US, ST=Maryland, O=Distal Thoughts, CN=vpn.distal.com/emailAddress=cr...@distal.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    CC:DD:EE
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Cert Type:
                SSL Server
            Netscape Comment:
                OpenSSL Generated Server Certificate
            X509v3 Subject Key Identifier:
                CC:DD:EE
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Authority Key Identifier:
                keyid: CC:DD:EE

    Signature Algorithm: sha1WithRSAEncryption
         CC:DD:EE
%

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
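
The check suggested in the quoted reply, as an added example that is not part of the original thread: a shell helper that reads `openssl x509 -text -noout` output on stdin and reports the key type and signature hash family. The name `cert_summary` and both embedded sample texts are assumptions constructed for illustration.

```shell
#!/bin/sh
# cert_summary (hypothetical helper name): summarise key type and signature
# hash from `openssl x509 -text -noout` output read on stdin.
# Typical use: openssl x509 -text -noout -in cert/distalvpn.crt | cert_summary
cert_summary() {
    awk '
        /Public Key Algorithm:/ && key == "" { key = $NF }
        /Signature Algorithm:/  && sig == "" { sig = $NF }
        END {
            if (key == "" || sig == "") {
                print "error: input is not x509 -text output" > "/dev/stderr"
                exit 2
            }
            l = tolower(sig)
            if      (l ~ /md5/)                  hash = "md5"
            else if (l ~ /sha1/)                 hash = "sha1"
            else if (l ~ /sha(224|256|384|512)/) hash = "sha2"
            else                                 hash = "unknown"
            if      (key ~ /rsa/)                type = "rsa"
            else if (key == "id-ecPublicKey")    type = "ec"
            else                                 type = "other"
            printf "key=%s hash=%s sig=%s\n", type, hash, sig
        }'
}

# Constructed sample: trimmed RSA/SHA1 output of the kind posted in the thread.
sample_rsa_sha1() {
cat <<'EOF'
Certificate:
    Data:
    Signature Algorithm: sha1WithRSAEncryption
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
    Signature Algorithm: sha1WithRSAEncryption
EOF
}

# Constructed sample: an EC key signed with ECDSA/SHA256, for contrast.
sample_ec_sha256() {
cat <<'EOF'
Certificate:
    Data:
    Signature Algorithm: ecdsa-with-SHA256
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
    Signature Algorithm: ecdsa-with-SHA256
EOF
}

sample_rsa_sha1 | cert_summary
sample_ec_sha256 | cert_summary
```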