服务器 Gind.cn
  1. 服务器 Gind.cn
  3. 证书validation失败 – 打开VPN
Intereting Posts
ESXi 5pipe理程序致命启动错误 我该如何做一个掩码的urlredirect? VMware CPU超线程调度亲和性 使Windows 2003服务器更新以运行.Net 3.5 恢复Ubuntu的大众手动安装 与Active Directory DCangular色或RDSterminal服务器angular色共享文件服务angular色更好吗? mod_security2.so:未定义的符号:ap_unixd_set_gl 是否有强制Exchange日志截断的伪备份过程? BES 5.01是否还可以进行刀口切换? 批量文件复制,同时限制磁盘利用率 无法访问Drupal 7上的虚拟目录 计算机帐户(SYSTEM)通过networking 远程更改后无法在本地login到MySQL Bacula的。 从一个linux机器运行并发作业 木偶报告没有主人

证书validation失败 – 打开VPN

当build立开放的VPN连接,我面临错误“TLS_ERROR:BIO读取tls_read_plaintext错误:错误:14090086:SSL例程:ssl3_get_server_certificate:证书validation失败”

SSL证书根CA是“ Fireware Web CA

试图找出是否有任何选项来禁用证书validation。

注意:我试图通过我的路由器(Asus RT-AC55UHP)vpn客户端连接到vpn。 我能够使用tunnelblick在我的macbook中使用相同的configurationbuild立VPN连接

系统日志: 

openvpn[10205]: OpenVPN 2.3.2 mips-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on Dec 1 2016 openvpn[10205]: Socket Buffers: R=[87380->131072] S=[16384->131072] openvpn[10211]: Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.xxx:443 [nonblock] openvpn[10211]: TCP connection established with [AF_INET]xxx.xxx.xxx.xxx:443 openvpn[10211]: TCPv4_CLIENT link local: [undef] openvpn[10211]: TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:443 openvpn[10211]: TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:443, sid=84d506xx 088122xx openvpn[10211]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this openvpn[10211]: VERIFY OK: depth=1, O=WatchGuard_Technologies, OU=Fireware, CN=Fireware SSLVPN (SN 80XX04868XXX3 2015-11-18 09:19:40 GMT) CA openvpn[10211]: Validating certificate extended key usage openvpn[10211]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS openvpn[10211]: ++ Certificate has EKU (oid) 1.3.6.1.5.5.7.3.1, expects TLS openvpn[10211]: VERIFY EKU ERROR openvpn[10211]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed openvpn[10211]: TLS Error: TLS object -> incoming plaintext read error openvpn[10211]: TLS Error: TLS handshake failed openvpn[10211]: Fatal TLS error (check_tls_errors_co), restarting openvpn[10211]: SIGUSR1[soft,tls-error] received, process restarting openvpn[10211]: Restart pause, 5 second(s)

client.ovpn: 

 dev tun client proto tcp <ca> -----BEGIN CERTIFICATE----- --Removed-- -----END CERTIFICATE----- </ca> <cert> -----BEGIN CERTIFICATE----- --Removed-- -----END CERTIFICATE----- </cert> <key> -----BEGIN PRIVATE KEY----- --Removed-- -----END PRIVATE KEY----- </key> remote-cert-eku "TLS Web Server Authentication" remote XXX.XXX.XXX.XXX 443 persist-key persist-tun verb 3 mute 20 keepalive 10 60 cipher AES-256-CBC tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA auth SHA1 float reneg-sec 3660 nobind mute-replay-warnings auth-user-pass ;remember_connection 0 ;auto_reconnect 1