I am running with the newest core 185
Was this bug here not fixed with the latest update?
Just for reference httpd log
Country Name (2 letter code) [GB]:State or Province Name (full name) :Locality Name (eg, city) :Organization Name (eg, company) [My Company Ltd]:Organizational Unit Name (eg, section) :Common>
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :An optional company name :Error adding request extensions from section server
4047AD44D7740000:error:04000067:object identifier routines:OBJ_txt2obj:unknown object name:crypto/objects/obj_dat.c:426:
4047AD44D7740000:error:04000067:object identifier routines:OBJ_txt2obj:unknown object name:crypto/objects/obj_dat.c:426:
4047AD44D7740000:error:11000079:X509 V3 routines:v2i_AUTHORITY_KEYID:no issuer certificate:crypto/x509/v3_akid.c:156:
4047AD44D7740000:error:11000080:X509 V3 routines:X509V3_EXT_nconf_int:error in extension:crypto/x509/v3_conf.c:48:section=server, name=authorityKeyIdentifier, value=keyid,issuer:always
A fix was merged and I tested it with CU185 Testing and the root/host certificate set was created without any issues.
I have just updated my vm systems to CU185 so I will create a clone and test out clearing the x509 certificates and creating a new set and let you know what I find.
Checking the ovpn.cnf file it does not have the changes.
However the changes are in the ovpn.cnf file in the IPFire repo for CU185.
Also the shipment of ovpn.cnf was also listed in the update so it should have been changed and as I say, when I tested it with the CU185 Testing, on a clone of the same vm the update occurred without any issues.
I will have to look further into this to understand what is happening.
Many thanks for your info. Very helpful! As I am somehow new to IPFire I did not know if the error is on my side. Just let me know once you know how I can fix the issue.
Having checked the exclude file it looks like all modifications to /var/ipfire/ovpn are excluded from being carried out during an update. Checking the CU185 upgrade log file confirmed that ovpn.cnf was not modified during the upgrade.
However that does not explain why the change worked for me when I tested it out in CU185 Testing.
If you are willing to edit files from the console command line I can give you instructions on which two lines need to be removed from the ovpn.cnf file.
Run the command cp /var/ipfire/ovpn/openssl/ovpn.cnf /var/ipfire/ovpn/openssl/ovpn.cnf.orig. This creates a backup copy.
Run the command chown nobody:nobody /var/ipfire/ovpn/openssl/ovpn.cnf.orig. This changes the owner from root to nobody, in case you need to use this backup file.
Run the command nano -l /var/ipfire/ovpn/openssl/ovpn.cnf. This will open the nano editor with line numbers shown. Remove the lines 88 & 87 and exit from the editor, saving the changes.
These lines should have the contents
This worked like a charm. Many thanks for your support! Had to take some server options out of the config file of the downloaded package for my Android mobile. But now it connects and it's all well!
After you got the openssl error, did you remove the x509 certificate set again? When you have the error the root certificate has been created but the host certificate failed to be created. That created root certificate needs to be removed before trying to create a new set after the ovpn.cnf file has been edited.
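Added example, not part of the original thread and not IPFire code: a Python script that parses the OpenSSL error lines from the httpd log quoted at the top of this thread and reports which config section and extension failed, together with the reasons queued before it. The function names are hypothetical and the sample log is copied from the thread.

```python
import re

# Sample input: the error lines from the httpd log quoted in this thread.
SAMPLE_LOG = """\
A challenge password :An optional company name :Error adding request extensions from section server
4047AD44D7740000:error:04000067:object identifier routines:OBJ_txt2obj:unknown object name:crypto/objects/obj_dat.c:426:
4047AD44D7740000:error:04000067:object identifier routines:OBJ_txt2obj:unknown object name:crypto/objects/obj_dat.c:426:
4047AD44D7740000:error:11000079:X509 V3 routines:v2i_AUTHORITY_KEYID:no issuer certificate:crypto/x509/v3_akid.c:156:
4047AD44D7740000:error:11000080:X509 V3 routines:X509V3_EXT_nconf_int:error in extension:crypto/x509/v3_conf.c:48:section=server, name=authorityKeyIdentifier, value=keyid,issuer:always
"""

# Layout: thread:error:code:library:function:reason:file:line:optional data
ERR_RE = re.compile(
    r"^(?P<thread>[0-9A-Fa-f]+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):"
    r"(?P<func>[^:]*):(?P<reason>[^:]*):(?P<file>[^:]+):(?P<line>\d+):(?P<data>.*)$"
)


def parse_errors(log_text):
    """Return one dict per OpenSSL error line, in log order; other lines are skipped."""
    return [m.groupdict() for m in map(ERR_RE.match, log_text.splitlines()) if m]


def failing_extensions(log_text):
    """Summarise each 'error in extension' entry with the reasons queued before it."""
    findings, pending = [], []
    for err in parse_errors(log_text):
        # The data field may itself contain ':' (e.g. 'issuer:always'),
        # so it is split on ', ' and '=' rather than on ':'.
        fields = dict(p.split("=", 1) for p in err["data"].split(", ") if "=" in p)
        if err["reason"] == "error in extension" and "name" in fields:
            causes = list(dict.fromkeys(pending))  # de-duplicate, keep order
            findings.append({**fields, "causes": causes})
            pending = []
        else:
            pending.append(err["reason"])
    return findings


if __name__ == "__main__":
    for f in failing_extensions(SAMPLE_LOG):
        print(f"[{f['section']}] {f['name']} = {f['value']}: {', '.join(f['causes'])}")
```
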