The server won't automatically trust connections from callsign certificates because they aren't signed by the root CA directly.
The root CA signs a small number of subordinate intermediate CAs and those are the ones that actually sign certs for end users.
In order to bridge the chain of trust, the client must also supply the intermediate cert that signed the end user cert. It's been a long time since I've worked with openvpn, so I don't remember how it's supposed to be configured. It's either one of two ways:
1. There may be a config file option for supplying a separate certificate chain file which would just be a cert file with the intermediate in it.
2. If there's no option for a chain file, you may be able to concatenate both your end user cert and the intermediate into the same cert file for the client to read.
If I manage to get some time later, I'll see if I can research the correct method for you.
-Cory NQ1E