Post History
I want to connect to my university network via OpenVPN under Fedora GNOME. I imported the openvpn configuration provided by the university in the Network Manager GUI and specified the user certifi...
#3: Post edited
by
Quasímodo
·
2024-03-10T08:29:45Z (2 months ago)
Change multiple inline code blocks to a single full code block
- I want to connect to my university network via OpenVPN under Fedora GNOME.
- I imported the openvpn configuration provided by the university in the Network Manager GUI and specified the user certificate (.crt.pem) and user key (.key.pem).
- When I want to connect, it says there was an error.
- Using `journalctl -xu NetworkManager` I can see the following (I replaced the home dir path with "/certs"):
`WARNING: file '/certs/Network_Certificate_OPVPN.key.pem' is group or others accessible``OpenVPN 2.6.9 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]``library versions: OpenSSL 3.1.1 30 May 2023, LZO 2.10``DCO version: N/A``NOTE: the current --script-security setting may allow this configuration to call user-defined scripts``OpenSSL: error:8000000D:system library::Permission denied:calling fopen(/certs/Network_Certificate_OPVPN.crt.pem, r)``OpenSSL: error:10080002:BIO routines::system lib:``OpenSSL: error:0A080002:SSL routines::system lib:``Cannot load certificate file /certs/Network_Certificate_OPVPN.crt.pem``Exiting due to fatal error`- So there seems to be a problem with opening the cert file? I also manually chmod'ed read (and execution) access, but that didn't change anything. Connecting via cli with sudo gives the same error.
- It may be relevant that I had to extract the cert and key with the -legacy option from a .p12 file, but I'm not sure.
- I want to connect to my university network via OpenVPN under Fedora GNOME.
- I imported the openvpn configuration provided by the university in the Network Manager GUI and specified the user certificate (.crt.pem) and user key (.key.pem).
- When I want to connect, it says there was an error.
- Using `journalctl -xu NetworkManager` I can see the following (I replaced the home dir path with "/certs"):
- ```
- WARNING: file '/certs/Network_Certificate_OPVPN.key.pem' is group or others accessible
- OpenVPN 2.6.9 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
- library versions: OpenSSL 3.1.1 30 May 2023, LZO 2.10
- DCO version: N/A
- NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
- OpenSSL: error:8000000D:system library::Permission denied:calling fopen(/certs/Network_Certificate_OPVPN.crt.pem, r)
- OpenSSL: error:10080002:BIO routines::system lib:
- OpenSSL: error:0A080002:SSL routines::system lib:
- Cannot load certificate file /certs/Network_Certificate_OPVPN.crt.pem
- Exiting due to fatal error
- ```
- So there seems to be a problem with opening the cert file? I also manually chmod'ed read (and execution) access, but that didn't change anything. Connecting via cli with sudo gives the same error.
- It may be relevant that I had to extract the cert and key with the -legacy option from a .p12 file, but I'm not sure.
#2: Post edited
by
adonias
·
2024-03-07T12:45:05Z (2 months ago)
- I want to connect to my university network via OpenVPN under Fedora GNOME.
- I imported the openvpn configuration provided by the university in the Network Manager GUI and specified the user certificate (.crt.pem) and user key (.key.pem).
- When I want to connect, it says there was an error.
- Using `journalctl -xu NetworkManager` I can see the following (I replaced the home dir path with "/certs"):
`WARNING: file '/certs/Network_Certificate_OPVPN.key.pem' is group or others accessibleOpenVPN 2.6.9 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]library versions: OpenSSL 3.1.1 30 May 2023, LZO 2.10DCO version: N/ANOTE: the current --script-security setting may allow this configuration to call user-defined scriptsOpenSSL: error:8000000D:system library::Permission denied:calling fopen(/certs/Network_Certificate_OPVPN.crt.pem, r)OpenSSL: error:10080002:BIO routines::system lib:OpenSSL: error:0A080002:SSL routines::system lib:Cannot load certificate file /certs/Network_Certificate_OPVPN.crt.pemExiting due to fatal error`- So there seems to be a problem with opening the cert file? I also manually chmod'ed read (and execution) access, but that didn't change anything. Connecting via cli with sudo gives the same error.
- It may be relevant that I had to extract the cert and key with the -legacy option from a .p12 file, but I'm not sure.
- I want to connect to my university network via OpenVPN under Fedora GNOME.
- I imported the openvpn configuration provided by the university in the Network Manager GUI and specified the user certificate (.crt.pem) and user key (.key.pem).
- When I want to connect, it says there was an error.
- Using `journalctl -xu NetworkManager` I can see the following (I replaced the home dir path with "/certs"):
- `WARNING: file '/certs/Network_Certificate_OPVPN.key.pem' is group or others accessible`
- `OpenVPN 2.6.9 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]`
- `library versions: OpenSSL 3.1.1 30 May 2023, LZO 2.10`
- `DCO version: N/A`
- `NOTE: the current --script-security setting may allow this configuration to call user-defined scripts`
- `OpenSSL: error:8000000D:system library::Permission denied:calling fopen(/certs/Network_Certificate_OPVPN.crt.pem, r)`
- `OpenSSL: error:10080002:BIO routines::system lib:`
- `OpenSSL: error:0A080002:SSL routines::system lib:`
- `Cannot load certificate file /certs/Network_Certificate_OPVPN.crt.pem`
- `Exiting due to fatal error`
- So there seems to be a problem with opening the cert file? I also manually chmod'ed read (and execution) access, but that didn't change anything. Connecting via cli with sudo gives the same error.
- It may be relevant that I had to extract the cert and key with the -legacy option from a .p12 file, but I'm not sure.
#1: Initial revision
by
adonias
·
2024-03-07T12:43:25Z (2 months ago)
NetworkManager can't open certificate file when trying to connect to VPN
I want to connect to my university network via OpenVPN under Fedora GNOME. I imported the openvpn configuration provided by the university in the Network Manager GUI and specified the user certificate (.crt.pem) and user key (.key.pem). When I want to connect, it says there was an error. Using `journalctl -xu NetworkManager` I can see the following (I replaced the home dir path with "/certs"): `WARNING: file '/certs/Network_Certificate_OPVPN.key.pem' is group or others accessible OpenVPN 2.6.9 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] library versions: OpenSSL 3.1.1 30 May 2023, LZO 2.10 DCO version: N/A NOTE: the current --script-security setting may allow this configuration to call user-defined scripts OpenSSL: error:8000000D:system library::Permission denied:calling fopen(/certs/Network_Certificate_OPVPN.crt.pem, r) OpenSSL: error:10080002:BIO routines::system lib: OpenSSL: error:0A080002:SSL routines::system lib: Cannot load certificate file /certs/Network_Certificate_OPVPN.crt.pem Exiting due to fatal error` So there seems to be a problem with opening the cert file? I also manually chmod'ed read (and execution) access, but that didn't change anything. Connecting via cli with sudo gives the same error. It may be relevant that I had to extract the cert and key with the -legacy option from a .p12 file, but I'm not sure.