https://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162023-02-22T07:43:36ZpfSense bugtrackerpfSense - Regression #13988: PHP error with OpenVPN if the server certificate subject has duplicate componentshttps://redmine.pfsense.org/issues/13988?journal_id=657942023-02-22T07:43:36ZJim Pingle
<ul><li><strong>Subject</strong> changed from <i>PHP error with OpenVPN</i> to <i>PHP error with OpenVPN if the server certificate subject has duplicate components</i></li><li><strong>Status</strong> changed from <i>New</i> to <i>Feedback</i></li></ul><p>That would have to be an issue in the certificate data. Somehow one of those certificates is triggering a return of multiple common name values in an array instead of a single CN as a string, but that shouldn't be possible as far as I can tell (unless maybe it was generated outside of pfSense in some non-standard way?).</p>
<p>To replicate this and investigate a solution we'll need the certificate "crt" PEM data (not the private key, just the cert) for whichever one of those is the OpenVPN server certificate.</p> pfSense - Regression #13988: PHP error with OpenVPN if the server certificate subject has duplicate componentshttps://redmine.pfsense.org/issues/13988?journal_id=658822023-02-26T09:21:17ZMarcos M
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Confirmed</i></li></ul><p>The issue looks to be that the cert used for the OpenVPN server contains multiple <code>CN</code> fields/values (which indicates the cert was not created in the pfSense GUI). It was reported that if the OpenVPN server config using this cert is not deleted, the system will not boot properly resulting in no connectivity.</p>