search

OpenVPN / openvpn-gui

OpenVPN GUI is a graphical frontend for OpenVPN running on Windows 7 / 8 / 10. It creates an icon in the notification area from which you can control OpenVPN to start/stop your VPN tunnels, view the log and do other useful things.
Other
1.43k stars 402 forks source link

Error=Unable to Get Local Issuer Certificate #341

Closed john7200 closed 3 years ago

john7200 commented 4 years ago

Suddenly, OpenVPN/OpenVPN-GUI cannot connect to any server anymore. The red error messages are always the same regardless of origin (country) of server.

VERIFY ERROR: depth=1, error=unable to get local issuer certificate: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed TLS_ERROR: BIO read tls_read_plaintext error TLS Error: TLS object -> incoming plaintext read error TLS Error: TLS handshake failed

It happened suddenly this morning. A few hours ago all OpenVPN configuration files (.ovpn) worked fine. I had no idea about why this happened. I did not change anything both in OpenVPN and the configuration files and my connection is normal (I can open any site without any problem). The strange thing is SoftEther could connect without any problem at all, even to the same server (Tsukuba) that OpenVPN always failed to connect to.

Worth mentioning is I am only a user, not a server administrator or advanced user.

I apologize if my English is not good. I am Japanese.

john7200 commented 4 years ago

I tested all OpenVPN config files (.ovpn) by creating connection setting in SoftEther and copying the required attributes from the config files into SoftEther client.

Without revealing the IP, I created 5 connection settings from 5 config files from these servers:

I could connect to those servers without any problem using SoftEther, yet OpenVPN always failed to connect with the same config files, showing those red error messages that I wrote in my previous message. A few hours before that, I could connect to those servers using OpenVPN without any problem.

This happened suddenly and started today for the first time and even now I still cannot manage to get OpenVPN to connect to those servers.

I have tried all these things:

All to no avail. OpenVPN still cannot connect and always shows those red error messages.

I apologize if my English is not good and confusing.

john7200 commented 4 years ago

I just realized that OpenVPN in my smartphone (Android) is affected too. Now OpenVPN cannot connect to any server and always shows these red error messages soon after trying to authenticate:

VERIFY ERROR: depth=1, error=unable to get local issuer certificate: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed TLS_ERROR: BIO read tls_read_plaintext error TLS Error: TLS object -> incoming plaintext read error TLS Error: TLS handshake failed

What actually happened? Why did this start happening today?

selvanair commented 4 years ago

The error means the CA certificate for the server certificate could not be found. The ca option in the ovpn file may be wrong or your server might have recently changed their ca setup. You will have to contact your server administrator to figure this out.

john7200 commented 4 years ago

Thank you very much for taking time to write a reply.

I have already noticed that. All OpenVPN config files from Tsukuba I obtained from VPN Gate today this morning (March 22) have different CA certificate than the ones I obtained yesterday (March 21) and in the past. But still, I couldn't connect to any of the server with OpenVPN.

The error messages shown are still the same.

The problem is none of the config files is working with OpenVPN anymore since yesterday morning, regardless of server and CA certificate.