17 Sep
2023
17 Sep
'23
1:36 p.m.
Do not shoot but... client.key file permissions?
On Sun, 2023-09-17 at 18:16 +0100, Dave Hibberd via 44net wrote:
Hi there, thanks for coming back - I’ve not missed
that step, and this is what
causes my confusion.
I’ve extracted the private key, put it in client.key as the instructions said.
I’ve done this across 3 different machines, one running just openvpn which my
extract is from, one I am using openvpn network manager & gnome 3 and another
running tunnelblik.
On all 3 setups, it complains the key is missing when checking the logs and
that password verification has failed, yet when checking in tqsl, it tells me
the certificate is not password protected.
It sounds like all is for naught anyway if the server cert is expired,
Thanks anyway
DH
On 17 Sep 2023, at 17:51, Apostolos Kefalas
<sv1ljj(a)raag.org> wrote:
Hello Dave,
_______________________________________________
44net mailing list -- 44net(a)mailman.ampr.org
To unsubscribe send an email to 44net-leave(a)mailman.ampr.org
OpenSSL: error:0B080074:x509 certificate
routines:X509_check_private_key:key
values mismatch
Cannot load private key file /etc/openvpn/client.key
Error: private key password verification failed
It seems to me that you have missed a step:
The private key needs to be extracted from the YOURCALL file.
This is in the file .tqsl/keys/MM0RFN and needs to be in
/etc/openvpn/client.key
Be carefull to copy only the key and nothing else from this file. Also do
not
copy "<PRIVATE_KEY:916>" from the first line just the "-----BEGIN
PRIVATE
KEY---
--"
Unfortunately if you manage to setup correctly openvpn on your machine,
still
you are not going to have fun with AMPR, as the server certificate has
expired.
I have sent an e-mail on this list but it seems OH7LZB is not reachable from
here.
I hope this helps
73
Apostolos, SV1LJJ