openvpn
Maxim, 2015-08-31 09:22:42

How to set up OpenVPN in the case of a multi-level CA?

There is a certain scheme for issuing certificates, in which server and user certificates are located in different branches.
i.e.
CA -> Server CA
   -> Departmental CA -> Custom CA
   -> Custom CA
I naively assumed that by specifying the root CA in the openvpn settings everything would work, but no.
The server started; it is the client machine that complains.
When connecting, it complains about the certificate:

Mon Aug 31 09:13:03 2015 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: C=RU, ST=Krasnodar region, L=Eysk, O=GBUZ OD 4, OU=ServerRoom, CN=gateway.onko4, [email protected]

How to fix?


2 answer(s)
MrJeos, 2015-09-09
@MrJeos

For the client, in the certificate file, also specify all intermediate certificates, including the root one.
It is desirable to do the same with the server certificate.

Maximus43, 2015-08-31
@Maximus43

The client cannot build the certificate chain. Check the AIA caIssuer in the server certificate or directly write the whole chain in the ca parameter.
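
The failure from the question and the two fixes suggested in the answers, reproduced with OpenSSL alone as an added example (not part of the original thread). Here `-CAfile` stands in for the file OpenVPN's `ca` option points at and `-untrusted` models intermediates supplied alongside the certificate; the PKI, the names demo-root, demo-server-ca and demo-gateway, and the temporary directory are all constructed for the demonstration.

```shell
#!/bin/sh
# Constructed throwaway PKI: demo-root -> demo-server-ca -> demo-gateway.
# Every name and path here is made up for this example; delete "$D" afterwards.
D=$(mktemp -d)

cat > "$D/o.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
EOF

# issue NAME SIGNER EXT: make a key and CSR for NAME, sign with SIGNER ("self" = self-signed)
issue() {
  openssl req -new -newkey rsa:2048 -nodes -config "$D/o.cnf" -subj "/CN=$1" \
    -keyout "$D/$1.key" -out "$D/$1.csr" 2>/dev/null || return 1
  if [ "$2" = self ]; then
    openssl x509 -req -in "$D/$1.csr" -days 2 -extfile "$D/o.cnf" -extensions "$3" \
      -signkey "$D/$1.key" -out "$D/$1.crt" 2>/dev/null
  else
    openssl x509 -req -in "$D/$1.csr" -days 2 -extfile "$D/o.cnf" -extensions "$3" \
      -CA "$D/$2.crt" -CAkey "$D/$2.key" -CAcreateserial -out "$D/$1.crt" 2>/dev/null
  fi
}

# verify_gateway ARGS...: print OpenSSL's chain verification result for the server cert
verify_gateway() {
  openssl verify "$@" "$D/demo-gateway.crt" 2>&1 || true
}

issue demo-root self v3_ca
issue demo-server-ca demo-root v3_ca
issue demo-gateway demo-server-ca v3_leaf
# Trust file holding the whole chain: root plus the intermediate Server CA
cat "$D/demo-root.crt" "$D/demo-server-ca.crt" > "$D/ca-bundle.crt"

echo "Trust file holds the root only (the setup from the question):"
verify_gateway -CAfile "$D/demo-root.crt"
echo "Trust file holds root + Server CA:"
verify_gateway -CAfile "$D/ca-bundle.crt"
echo "Root trusted, Server CA supplied together with the certificate:"
verify_gateway -CAfile "$D/demo-root.crt" -untrusted "$D/demo-server-ca.crt"
```

The first call reports the same "unable to get local issuer certificate" error at depth 0 as the OpenVPN log above; the other two report OK.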
