Hi,
On 28/12/2023 21:15, Richard Couture wrote:
the following is the actual reason for clients to not be able to connect:
2023-12-28 14:01:01 187.251.133.221:1194 VERIFY ERROR: depth=0,
error=CRL signature failure: C=MX, ST=Jalisco, L=Tlaquepaque, O=Vame
Vehiculos, CN=rrc, emailAddress=salvador.ba...@moov.com.mx, serial=7
2023-12-28 14:01:01 187.251.133.221:1194 OpenSSL: error:0A000086:SSL
routines::certificate verify failed
2023-12-28 14:01:01 187.251.133.221:1194 TLS_ERROR: BIO read
tls_read_plaintext error
2023-12-28 14:01:01 187.251.133.221:1194 TLS Error: TLS object ->
incoming plaintext read error
2023-12-28 14:01:01 187.251.133.221:1194 TLS Error: TLS handshake failed
2023-12-28 14:01:16 187.251.133.221:1194 VERIFY ERROR: depth=0,
error=CRL signature failure: C=MX, ST=Jalisco, L=Tlaquepaque, O=Vame
Vehiculos, CN=rrc, emailAddress=salvador.ba...@moov.com.mx, serial=7
2023-12-28 14:01:16 187.251.133.221:1194 OpenSSL: error:0A000086:SSL
routines::certificate verify failed
did you create a new CRL after having created the new CA?
If the verification is failed, I can imagine two reasons:
1) CRL not signed with the current CA
2) CRL signed with a legacy algorithm which is not accepted by the more
recent OpenSSL.
Regards,
--
Antonio Quartulli
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
