OpenSSL - something more useful than 256 error

I do wish that OpenSSL would come up with something more useful than 256 error.

I had 2 net-to-net virtual nets running, but had to rebuild my firewall. Due to a change in DDNS servers, I had to re-do the certificates.

My first try after reinstalling IPfire and a backup was to remove the x509 which seemed to remove the connections. It complained about using a duplicate port of one of the old connections.

I then reinstalled the backup, deleted the two connections, and rebooted.

The first one set up without problems. It’s pretty much default everything on port 1195 with OpenVPN subnet of

The second one on port 1196 with OpenVPN subnet of, copied from what was working before, gives an OpenSSL 256 error.

The names are different; I even tried changing the local VPN hostname. I tried variations in the certificate fields.

Have you read this thread?


Hi all,
@jinnicky did you check ‘/var/log/httpd/error_log’? Maybe there is more detailed information there about what causes the 256 error? Maybe such an error could be intercepted by a plausibility check in ovpnmain.cgi?



Yes I did, thank you.

It turns out that the fields in the second certificate matched the first one too closely. Once I changed that, it was accepted.