2017
April
Standard

OpenSSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed [Openvpn]

Centos 7 no longer supports MD5,

Error msg:

OpenSSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
TLS_ERROR: BIO read tls_read_plaintext error
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed
Fatal TLS error (check_tls_errors_co), restarting
SIGUSR1[soft,tls-error] received, process restarting
Restart pause, 5 second(s)

Solution:

#yum install openvpn
#cd /etc/openvpn

mv client.conf service.conf

#systemctl enable openvpn@service.service

Add this line to /usr/lib/systemd/system/openvpn@service

[Service]
Environment="OPENSSL_ENABLE_MD5_VERIFY=1 NSS_HASH_ALG_SUPPORT=+MD5"

#systemctl daemon-reload
#systemctl restart openvpn@service.service
more