OpenVPN SSL Peer Certificate Verification Error

Question

Hi, 
 We have a XGS2300 (SFOS 19.5.3 MR-3-Build652 with an SSL Remote Access VPN with OpenVPN clients. 
 Not sure if this was a Sophos or OpenVPN issue but I had to start somewhere. 
 I had a user call last last night with a Peer Certificate Verification Error. When I tested my connection, I got the same error. Connected to Sophos Central, looked around, all looked ok. I hadn't changed anything and actually my own VPN was working fine earlier in the day. We did renew our certificate recently but this was a couple weeks ago. The previous (now expire cert) wasn't being used that I know of but did expire yesterday. 
 I changed the VPN cert to the appliance cert in a panic, same result. Changed it back again. A couple minutes later I tested and it worked. No idea why. As far as I know, I changed nothing. 
 I assume the expiring old cert did something, but for the life of me I can't figure out why it worked, then didn't, then did again. 
 Thanks, 
 Jeff

Vivek Jagad · Accepted Answer

Hello JeffCooper , Thank you for reaching out to the community, in OpenVPN "Peer certificate verification failure" this error usually occurs if the client certificate failed to validate the certificate presented by the VPN server or if certificate is not trusted by the client any mismatch between the certificate and the server hostname. To resolve this issue, check the certificate presented by the VPN server is signed by a trusted root CA.

Andrej Pirman · Answer

I had few clients with exactly the same problem. My workaround was on OpenVPN client --> Settings --> Advanced settings --> Security = Allow INSECURE cryptographics mechanisms.

OpenVPN SSL Peer Certificate Verification Error

Top Replies