Koozali.org: home of the SME Server

[smeserver-openvpn-bridge-fws] Zero KB CRT for client certs

iltasu
[smeserver-openvpn-bridge-fws] Zero KB CRT for client certs
« on: April 17, 2008, 12:57:47 PM »
Hello, I'm running some 7.3 SME servers with OpenVPN in bridge mode. Until 7.2, this contrib worked really well, but since 7.3, when I create client certificates, it always creates an empty clientname.crt, making it impossible to connect remotely (the OpenVPN client tells me it cannot find the client certificate...).
I'm using the 1.1.2 version of the contrib.

Thanks for the help

iltasu
Re: [smeserver-openvpn-bridge-fws] Zero KB CRT for client certs
« Reply #1 on: April 17, 2008, 01:06:38 PM »
I found that trying to generate the certificate by hand leads to an error:
Code:
# openssl ca -days 3650 -out /etc/openvpn/easy-rsa/keys/bridge/manuelmonari.crt -in /etc/openvpn/easy-rsa/keys/bridge/manuelmonari.csr -config /etc/openvpn/easy-rsa/openssl-bridge.cnf
Using configuration from /etc/openvpn/easy-rsa/openssl-bridge.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'FR'
stateOrProvinceName   :PRINTABLE:'France'
localityName          :PRINTABLE:'Bordeaux'
organizationName      :PRINTABLE:'Firewall-Services'
organizationalUnitName:PRINTABLE:'VPN'
commonName            :PRINTABLE:'manuelmonari'
emailAddress          :IA5STRING:'admin'
The countryName field needed to be the same in the
CA certificate (IT) and the request (FR)

Now I try to change the config file, but I thought it would have been updated by the web interface (or the templating subsystem of the SME server).

Daniel B.
Re: [smeserver-openvpn-bridge-fws] Zero KB CRT for client certs
« Reply #2 on: April 17, 2008, 01:27:17 PM »
You need to manually update the values; it appears they have been reset to the default ones.

Code:
db openvpn-bridge setprop default_config countryCode yourcountrycode sectionName yoursectionname countryName yourcountryname localityName yourlocalityname organizationName yourorganisationname

yourcountrycode yoursectionname yourcountryname yourlocalityname yourorganisationname must be the same as what you configured when you installed it the first time.

The command
Code:
openssl x509 -noout -text -in /etc/openvpn/easy-rsa/keys/bridge/ca.crt

should show you what you need to enter.
It's the end of the world!!! :lol:
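
A pre-flight check for the mismatch shown in Reply #1, added here as an example (not code from the contrib or from the posters): it compares DN fields of the CA certificate and the request before `openssl ca` is run, accepting both subject layouts that different OpenSSL versions print. The sample subject lines are constructed (only C=IT and the request's fields come from the thread), and the default field list C, ST, O assumes the stock OpenSSL `policy_match`, which may differ from openssl-bridge.cnf.

```shell
#!/bin/sh
# Inputs are the one-line subjects printed by:
#   openssl x509 -noout -subject -in ca.crt
#   openssl req  -noout -subject -in client.csr

# Constructed samples: old "/K=V" layout for the CA, newer "K = V, " layout for the CSR.
CA_SUBJECT='subject= /C=IT/ST=ExampleState/L=ExampleCity/O=ExampleOrg/CN=ExampleCA'
CSR_SUBJECT='subject=C = FR, ST = France, L = Bordeaux, O = Firewall-Services, OU = VPN, CN = manuelmonari, emailAddress = admin'

# dn_field SUBJECT KEY: print the value of KEY (C, ST, O, CN, ...) or nothing.
# Limitation: values that themselves contain "/" or ", " are not handled.
dn_field() {
    printf '%s\n' "$1" | awk -v key="$2" '{
        sub(/^subject= */, "")
        if (substr($0, 1, 1) == "/") n = split(substr($0, 2), parts, "/")
        else                         n = split($0, parts, /, */)
        for (i = 1; i <= n; i++) {
            eq = index(parts[i], "=")
            k = substr(parts[i], 1, eq - 1)
            v = substr(parts[i], eq + 1)
            gsub(/^ +| +$/, "", k)
            gsub(/^ +| +$/, "", v)
            if (k == key) { print v; exit }
        }
    }'
}

# policy_mismatches CA_SUBJECT CSR_SUBJECT [FIELD...]
# Prints one line per differing field and returns 1 if any differ.
# Default fields are an assumption (stock policy_match), not read from the .cnf.
policy_mismatches() {
    ca=$1; csr=$2; shift 2
    [ $# -gt 0 ] || set -- C ST O
    rc=0
    for f in "$@"; do
        a=$(dn_field "$ca" "$f")
        b=$(dn_field "$csr" "$f")
        if [ "$a" != "$b" ]; then
            echo "$f: CA has '$a', request has '$b'"
            rc=1
        fi
    done
    return $rc
}

policy_mismatches "$CA_SUBJECT" "$CSR_SUBJECT" ||
    echo "Fix the stored DN defaults before signing, or openssl ca will refuse the request."
```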

iltasu
Re: [smeserver-openvpn-bridge-fws] Zero KB CRT for client certs
« Reply #3 on: April 17, 2008, 01:49:08 PM »
Many thanks, I'll try them when I'm at the office! ^_^