Comments on NetworkManager can't open certificate file when trying to connect to VPN
Post
NetworkManager can't open certificate file when trying to connect to VPN
+3
−0
I want to connect to my university network via OpenVPN under Fedora GNOME. I imported the openvpn configuration provided by the university in the Network Manager GUI and specified the user certificate (.crt.pem) and user key (.key.pem).
When I want to connect, it says there was an error.
Using journalctl -xu NetworkManager I can see the following (I replaced the home dir path with "/certs"):
WARNING: file '/certs/Network_Certificate_OPVPN.key.pem' is group or others accessible
OpenVPN 2.6.9 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
library versions: OpenSSL 3.1.1 30 May 2023, LZO 2.10
DCO version: N/A
NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
OpenSSL: error:8000000D:system library::Permission denied:calling fopen(/certs/Network_Certificate_OPVPN.crt.pem, r)
OpenSSL: error:10080002:BIO routines::system lib:
OpenSSL: error:0A080002:SSL routines::system lib:
Cannot load certificate file /certs/Network_Certificate_OPVPN.crt.pem
Exiting due to fatal error
So there seems to be a problem with opening the cert file? I also manually chmod'ed read (and execution) access, but that didn't change anything. Connecting via cli with sudo gives the same error.
It may be relevant that I had to extract the cert and key with the -legacy option from a .p12 file, but I'm not sure.
1 comment thread