Can't connect SSL VPN Remote Access.

Question

Hi all, 
 I'm trying to set up a VPN SSL for remote access, after regenerate certificate I get this error while trying to connect. 
 Mon Mar 27 14:21:49 2017 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Dec 9 2016 Mon Mar 27 14:21:49 2017 library versions: OpenSSL 1.0.1u 22 Sep 2016, LZO 2.09 Enter Management Password: Mon Mar 27 14:21:49 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340 Mon Mar 27 14:21:49 2017 Need hold release from management interface, waiting... Mon Mar 27 14:21:50 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340 Mon Mar 27 14:21:50 2017 MANAGEMENT: CMD 'state on' Mon Mar 27 14:21:50 2017 MANAGEMENT: CMD 'log all on' Mon Mar 27 14:21:50 2017 MANAGEMENT: CMD 'hold off' Mon Mar 27 14:21:50 2017 MANAGEMENT: CMD 'hold release' Mon Mar 27 14:21:59 2017 MANAGEMENT: CMD 'username "Auth" "administrador"' Mon Mar 27 14:21:59 2017 MANAGEMENT: CMD 'password [...]' Mon Mar 27 14:21:59 2017 Socket Buffers: R=[65536->65536] S=[65536->65536] Mon Mar 27 14:21:59 2017 Attempting to establish TCP connection with [AF_INET]186.64.174.54:8443 [nonblock] Mon Mar 27 14:21:59 2017 MANAGEMENT: >STATE:1490646119,TCP_CONNECT,,,,,, Mon Mar 27 14:22:00 2017 TCP connection established with [AF_INET]186.64.174.54:8443 Mon Mar 27 14:22:00 2017 TCPv4_CLIENT link local: [undef] Mon Mar 27 14:22:00 2017 TCPv4_CLIENT link remote: [AF_INET]186.64.174.54:8443 Mon Mar 27 14:22:00 2017 MANAGEMENT: >STATE:1490646120,WAIT,,,,,, Mon Mar 27 14:22:00 2017 MANAGEMENT: >STATE:1490646120,AUTH,,,,,, Mon Mar 27 14:22:00 2017 TLS: Initial packet from [AF_INET]186.64.174.54:8443, sid=de463156 c6977f16 Mon Mar 27 14:22:00 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Mon Mar 27 14:22:00 2017 VERIFY OK: depth=1, C=CR, ST=San Jos&eacute;, L=San Jos&eacute;, O=W&uuml;rth, OU=W&uuml;rth, CN=W&uuml;rth Costa Rica, emailAddress=carlo.rosales@wurth.cr Mon Mar 27 14:22:00 2017 VERIFY X509NAME ERROR: C=CR, ST=NA, L=San Jos&eacute;, O=Wurth Costa Rica, OU=OU, CN=SophosApplianceCertificate_S1403B221848B3D, emailAddress=carlo.rosales@wurth.cr, must be C=CR, ST=NA, L=San Jos&Atilde;&Acirc;&copy;, O=Wurth Costa Rica, OU=OU, CN=SophosApplianceCertificate_S1403B221848B3D, emailAddress=carlo.rosales@wurth.cr Mon Mar 27 14:22:00 2017 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Mon Mar 27 14:22:00 2017 TLS Error: TLS object -> incoming plaintext read error Mon Mar 27 14:22:00 2017 TLS Error: TLS handshake failed Mon Mar 27 14:22:00 2017 Fatal TLS error (check_tls_errors_co), restarting Mon Mar 27 14:22:00 2017 SIGUSR1[soft,tls-error] received, process restarting Mon Mar 27 14:22:00 2017 MANAGEMENT: >STATE:1490646120,RECONNECTING,tls-error,,,,, Mon Mar 27 14:22:00 2017 Restart pause, 5 second(s) Mon Mar 27 14:22:05 2017 Socket Buffers: R=[65536->65536] S=[65536->65536] Mon Mar 27 14:22:05 2017 Attempting to establish TCP connection with [AF_INET]172.16.16.16:8443 [nonblock] Mon Mar 27 14:22:05 2017 MANAGEMENT: >STATE:1490646125,TCP_CONNECT,,,,,, Mon Mar 27 14:22:06 2017 TCP connection established with [AF_INET]172.16.16.16:8443 Mon Mar 27 14:22:06 2017 TCPv4_CLIENT link local: [undef] Mon Mar 27 14:22:06 2017 TCPv4_CLIENT link remote: [AF_INET]172.16.16.16:8443 Mon Mar 27 14:22:06 2017 MANAGEMENT: >STATE:1490646126,WAIT,,,,,, Mon Mar 27 14:22:06 2017 MANAGEMENT: >STATE:1490646126,AUTH,,,,,, Mon Mar 27 14:22:06 2017 TLS: Initial packet from [AF_INET]172.16.16.16:8443, sid=298bc3b2 5cb0532f Mon Mar 27 14:22:06 2017 VERIFY OK: depth=1, C=CR, ST=San Jos&eacute;, L=San Jos&eacute;, O=W&uuml;rth, OU=W&uuml;rth, CN=W&uuml;rth Costa Rica, emailAddress=carlo.rosales@wurth.cr Mon Mar 27 14:22:06 2017 VERIFY X509NAME ERROR: C=CR, ST=NA, L=San Jos&eacute;, O=Wurth Costa Rica, OU=OU, CN=SophosApplianceCertificate_S1403B221848B3D, emailAddress=carlo.rosales@wurth.cr, must be C=CR, ST=NA, L=San Jos&Atilde;&Acirc;&copy;, O=Wurth Costa Rica, OU=OU, CN=SophosApplianceCertificate_S1403B221848B3D, emailAddress=carlo.rosales@wurth.cr Mon Mar 27 14:22:06 2017 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Mon Mar 27 14:22:06 2017 TLS Error: TLS object -> incoming plaintext read error Mon Mar 27 14:22:06 2017 TLS Error: TLS handshake failed Mon Mar 27 14:22:06 2017 Fatal TLS error (check_tls_errors_co), restarting Mon Mar 27 14:22:06 2017 SIGUSR1[soft,tls-error] received, process restarting Mon Mar 27 14:22:06 2017 MANAGEMENT: >STATE:1490646126,RECONNECTING,tls-error,,,,, Mon Mar 27 14:22:06 2017 Restart pause, 5 second(s) 
 Here is my configuration.

Am I missing something? 
 This could be due to the certificate regeneration? 
 Thanks in advance.

John Henry Vindas Carballo · Accepted Answer

Problem with the VPN SSL has been fixed, I just had to generate a new self-signed certificate and change it on the VPN Settings > SSL Server Certificate .

Aditya Patel · Answer

HI John , 
 We are glad you were able to resolve this issue , We would recommend you to regenerate the Appliance Certificate as its used and also remove all the user certificate as they may not match with the Appliance Certificate .