Hello,
we noticed strange TLS Errors after renewing the certificate authority:
We get the message "certificate is not yet valid".
(self-signed Standard certificate of the sophos),
What we had done: Recreated Certificate and Cert-Authority. Changed some contet (e.g. OU Name) in the default certificate.
Re-Downloaded and Re-Installed SSL VPN Client & Config, but this does not help.
...
Mon Aug 10 13:49:17 2020 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)]
[LZO] [IPv6] built on Jul 3 2017
Mon Aug 10 13:49:17 2020 library versions: OpenSSL 1.0.2l 25 May 2017,
LZO 2.09
Enter Management Password:
Mon Aug 10 13:49:17 2020 MANAGEMENT: TCP Socket listening on
[AF_INET]127.0.0.1:25340
Mon Aug 10 13:49:17 2020 Need hold release from management interface,
waiting...
Mon Aug 10 13:49:18 2020 MANAGEMENT: Client connected from
[AF_INET]127.0.0.1:25340
Mon Aug 10 13:49:18 2020 MANAGEMENT: CMD 'state on'
Mon Aug 10 13:49:18 2020 MANAGEMENT: CMD 'log all on'
Mon Aug 10 13:49:18 2020 MANAGEMENT: CMD 'hold off'
Mon Aug 10 13:49:18 2020 MANAGEMENT: CMD 'hold release'
Mon Aug 10 13:49:27 2020 MANAGEMENT: CMD 'username "Auth" "test"'
Mon Aug 10 13:49:27 2020 MANAGEMENT: CMD 'password [...]'
Mon Aug 10 13:49:27 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Mon Aug 10 13:49:27 2020 Attempting to establish TCP connection with
[AF_INET]80.151.XXX.XXX:8443 [nonblock]
Mon Aug 10 13:49:27 2020 MANAGEMENT: >STATE:1597060167,TCP_CONNECT,,,,,,
Mon Aug 10 13:49:28 2020 TCP connection established with
[AF_INET]80.151.XXX.XXX:8443
Mon Aug 10 13:49:28 2020 TCPv4_CLIENT link local: [undef]
Mon Aug 10 13:49:28 2020 TCPv4_CLIENT link remote:
[AF_INET]80.151.XXX.xxx.8443
Mon Aug 10 13:49:28 2020 MANAGEMENT: >STATE:1597060168,WAIT,,,,,,
Mon Aug 10 13:49:28 2020 MANAGEMENT: >STATE:1597060168,AUTH,,,,,,
Mon Aug 10 13:49:28 2020 TLS: Initial packet from
[AF_INET]80.151.XXX.XXX:8443, sid=b7419ddf 2965c3a0
Mon Aug 10 13:49:28 2020 WARNING: this configuration may cache passwords
in memory -- use the auth-nocache option to prevent this
Mon Aug 10 13:49:29 2020 VERIFY ERROR: depth=1, error=certificate is not
yet valid: C=DE, ST=NA, L=XXXX, O=XXXXX GmbH, OU=OU,
CN=Sophos_CA_XXXX, emailAddress=info@XXXXX.info
Mon Aug 10 13:49:29 2020 TLS_ERROR: BIO read tls_read_plaintext error:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate
verify failed
Mon Aug 10 13:49:29 2020 TLS Error: TLS object -> incoming plaintext
read error
Mon Aug 10 13:49:29 2020 TLS Error: TLS handshake failed
Mon Aug 10 13:49:29 2020 Fatal TLS error (check_tls_errors_co), restarting
Mon Aug 10 13:49:29 2020 SIGUSR1[soft,tls-error] received, process
.....
Why does the individual .exe installer produce such results? Shound never happen :-|
Any suggestions?
Regards
Frank Ruenagel
This thread was automatically locked due to age.
