Help Center/
Virtual Private Network/
Troubleshooting/
P2C VPN/
Client Connection Failures/
The Client Log Contains "OpenSSL: error:0A000086:SSL routines::certificate verify failed"
Updated on 2024-12-10 GMT+08:00
The Client Log Contains "OpenSSL: error:0A000086:SSL routines::certificate verify failed"
Applicable Client
- Linux
- Windows OpenVPN GUI
- Windows OpenVPN Connect
Symptom
A client cannot connect to a P2C VPN gateway, and the log contains the following error information:
OpenSSL: error:0A000086:SSL routines::certificate verify failed
Possible Causes
The server certificate used by the VPN gateway does not contain the Extended Key Usage attribute. As a result, certificate verification fails.
Procedure
- Check and verify that the generated server certificate contains the Extended Key Usage attribute, as shown in Figure 1.
- A server certificate generated by the Easy-RSA shell command ./easyrsa build-server-full contains this attribute by default.
- A server certificate issued through OpenSSL does not contain this attribute. You need to add extendedKeyUsage = serverAuth to the server certificate file.
- Host the server certificate containing this attribute in the CCM, replace the server certificate with a correct one on the Server tab page of the VPN gateway, and reconnect the client to the VPN gateway.
Parent topic: Client Connection Failures
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot