Lab Access Openvpn certificate verify failed

I’m having connection issues with my VPN when accessing the labs.
Here’s the log:

2022-05-10 14:54:31 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless “allow-compression yes” is also set.
2022-05-10 14:54:31 DEPRECATED OPTION: --cipher set to ‘AES-128-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add ‘AES-128-CBC’ to --data-ciphers or change --cipher ‘AES-128-CBC’ to --data-ciphers-fallback ‘AES-128-CBC’ to silence this warning.
2022-05-10 14:54:31 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
2022-05-10 14:54:31 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2022-05-10 14:54:31 Outgoing Control Channel Authentication: Using 256 bit message hash ‘SHA256’ for HMAC authentication
2022-05-10 14:54:31 Incoming Control Channel Authentication: Using 256 bit message hash ‘SHA256’ for HMAC authentication
2022-05-10 14:54:31 TCP/UDP: Preserving recently used remote address: [AF_INET]43.249.38.1:1337
2022-05-10 14:54:31 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-05-10 14:54:31 UDP link local: (not bound)
2022-05-10 14:54:31 UDP link remote: [AF_INET]43.249.38.1:1337
2022-05-10 14:54:31 TLS: Initial packet from [AF_INET]43.249.38.1:1337, sid=b5e6b6e9 56c757a9
2022-05-10 14:54:31 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=UK, ST=City, L=London, O=HackTheBox, CN=htb, name=htb, emailAddress=info@hackthebox.eu, serial=1
2022-05-10 14:54:31 OpenSSL: error:0A000086:SSL routines::certificate verify failed
2022-05-10 14:54:31 TLS_ERROR: BIO read tls_read_plaintext error
2022-05-10 14:54:31 TLS Error: TLS object → incoming plaintext read error
2022-05-10 14:54:31 TLS Error: TLS handshake failed
2022-05-10 14:54:31 SIGUSR1[soft,tls-error] received, process restarting
2022-05-10 14:54:31 Restart pause, 5 second(s)
2022-05-10 14:54:36 Outgoing Control Channel Authentication: Using 256 bit message hash ‘SHA256’ for HMAC authentication
2022-05-10 14:54:36 Incoming Control Channel Authentication: Using 256 bit message hash ‘SHA256’ for HMAC authentication
2022-05-10 14:54:36 TCP/UDP: Preserving recently used remote address: [AF_INET]43.249.38.1:1337
2022-05-10 14:54:36 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-05-10 14:54:36 UDP link local: (not bound)
2022-05-10 14:54:36 UDP link remote: [AF_INET]43.249.38.1:1337
2022-05-10 14:54:36 TLS: Initial packet from [AF_INET]43.249.38.1:1337, sid=e63a3b89 fddde13b
2022-05-10 14:54:36 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=UK, ST=City, L=London, O=HackTheBox, CN=htb, name=htb, emailAddress=info@hackthebox.eu, serial=1
2022-05-10 14:54:36 OpenSSL: error:0A000086:SSL routines::certificate verify failed
2022-05-10 14:54:36 TLS_ERROR: BIO read tls_read_plaintext error
2022-05-10 14:54:36 TLS Error: TLS object → incoming plaintext read error
2022-05-10 14:54:36 TLS Error: TLS handshake failed
2022-05-10 14:54:36 SIGUSR1[soft,tls-error] received, process restarting
2022-05-10 14:54:36 Restart pause, 5 second(s)

Can anyone help me with this?
Thanks

I can confirm this error with OpenVPN version 2.5.5.

OpenVPN version 2.5.1 creates a connection while version 2.5.5 gives the error message.

A quick and dirty fix is to add a line

tls-cipher DEFAULT:@SECLEVEL=0

in the first section in the ovpn file.

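Since the workaround above stays in the profile after the connection works, here is a small audit for client profiles that flags the weakened settings this thread's log and fix mention. It is an added example, not part of the original posts or any OpenVPN tooling; the sample profile, its hostname and the function name `audit_profile` are constructed for illustration.

```python
import re

# Constructed sample profile (assumed values, not a real lab profile).
SAMPLE_PROFILE = """\
client
remote vpn.example.test 1337
cipher AES-128-CBC
comp-lzo
tls-cipher DEFAULT:@SECLEVEL=0
<ca>
(constructed placeholder, certificate body omitted)
</ca>
"""

def audit_profile(text):
    """Return sorted (line, directive, finding) tuples for weakened settings."""
    seen, inline = {}, None
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if inline:  # skip the body of an inline <ca>/<cert>/<key> block
            if line == f"</{inline}>":
                inline = None
            continue
        block = re.fullmatch(r"<([\w-]+)>", line)
        if block:
            inline = block.group(1)
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        parts = line.split(None, 1)
        seen[parts[0]] = (num, parts[1].strip() if len(parts) > 1 else "")

    findings = []
    if "tls-cipher" in seen:
        num, args = seen["tls-cipher"]
        level = re.search(r"@SECLEVEL=(\d+)", args)
        if level and int(level.group(1)) == 0:
            findings.append((num, "tls-cipher",
                "SECLEVEL=0 disables OpenSSL's minimum-strength checks"))
    for name in ("comp-lzo", "compress"):
        if name in seen:
            findings.append((seen[name][0], name, "compression directive present"))
    if "cipher" in seen:
        num, cipher = seen["cipher"]
        allowed = seen.get("data-ciphers", (0, ""))[1].split(":")
        if cipher not in allowed:
            findings.append((num, "cipher", f"{cipher} not listed in data-ciphers"))
    return sorted(findings)

if __name__ == "__main__":
    for num, name, why in audit_profile(SAMPLE_PROFILE):
        print(f"line {num}: {name}: {why}")
```

A profile that reports the `tls-cipher` finding accepts the server certificate that the log's VERIFY ERROR rejected, so it is worth rechecking whether the line is still needed once the server certificate is reissued.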

What a life saver, my dude. It is working now.

Thanks