OpenVPN: self-signed certificate in chain

openssl openvpn

Solution 1:

Just to bring full-closure to this thread: that WAS indeed the problem. The "ca.crt" that I had received ("Virginia") WAS NOT in fact the one that my colleague was using ("VA"), and neither one of us noticed at the time.

So... basically (and purely in layman's terms) VPN was trying to take a walk up the chain of authority looking for the ca.crt that it expected to find, but it never did (because it was not there).

And, this is one of those wonderful messages that crypto systems are so well-known for: entirely accurate, and yet, completely mysterious to the uninitiated. (And, to be fair, crypto systems don't like to divulge information about anything, as they presume the person they're talking to is surely evil Eve, not nice Alice or Bob.)

Related

Anyway to get GRUB failsafe to timeout?
tmux won't run as non root user?
What directory and file structure to use for Puppet?
Is the serviceAutoStartProvider attribute required to auto-start an ASP.NET application?
IPA dynamic DNS updates only the AAAA record. Where are my A records?
how to prevent cron logs from registering in syslog?
nginx terminates connection after 65k bytes
linux 802.1x on a windows wired network
What does the --master option ACTUALLY do in uwsgi?
firewalld not listing any active zones?
linux + lvextend vs lvresize - what are the differences
Can an IIS server have too much memory?