I have recently created a new CA certificate, as the old one was about to expire. I deployed this certificate to our OpenVPN server, and on it the verification of local certificate goes ok with both certificates (sanitized):
# openssl verify -CAfile cacert.2009-11-19.pem server_cert.2012-12-05.pem
server_cert.2012-12-05.pem: OK
# openssl verify -CAfile cacert.2013-11-18.pem server_cert.2012-12-05.pem
server_cert.2012-12-05.pem: OK
But connecting to this server with OpenVPN gives me this on server's log (sanitized):
VERIFY ERROR: depth=0, error=unable to get local issuer certificate: /C=ES/ST=***/L=***/O=***/OU=***/CN=***/emailAdress=***
Any idea would be appreciated
Thanks
Best Answer
OK, server certificate is fine. Did you try to verify client certificate:
openssl verify -CAfile {path-to-yourCA.crt} {client.crt}If it fails, re-generate client certificate. If client certificate is OK, try to increase openvpn log verbosity:
verb 6, we need more information