Collectives™ on Stack Overflow
Find centralized, trusted content and collaborate around the technologies you use most.
Learn more about Collectives
Teams
Q&A for work
Connect and share knowledge within a single location that is structured and easy to search.
Learn more about Teams
Cant connect open vpn and /var/log/openvpn file indicates below error.
I found in internet and forums and tried several ways but cant fix this issue.
Could you please suggest a solution for this..
322.194.25.95:50805 WARNING: Failed to stat CRL file, not reloading CRL.
322.194.25.95:50805 VERIFY ERROR: depth=0, error=CRL has expired: CN=xxx, serial=48224189780147007500459476518371450603
322.194.25.95:50805 OpenSSL: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
322.194.25.95:50805 TLS_ERROR: BIO read tls_read_plaintext error
322.194.25.95:50805 TLS Error: TLS object -> incoming plaintext read error
322.194.25.95:50805 TLS Error: TLS handshake failed
322.194.25.95:50805 SIGUSR1[soft,tls-error] received, client-instance restarting```
This error means that your server config has specified a crl (certificate revocation list) file but the openvpn server cannot find it. Please look for a directive in your server.conf configuration file that looks like crl-verify and confirm whether or not there is a crl file in the openvpn directory matching that name.
Next, the issue could be that your CRL has expired and you need to generate a new one using easyrsa. You can generate a new crl file using
./easyrsa gen-crl
And copy the crl to the openvpn configuration directory.
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
