Openvpn SSL error

cybsf · October 27, 2021, 10:25am

Hello all,

I’ve tried to connect to the starting point by using OpenVPN but i always gives me the following error:

sudo openvpn --config starting_point_cybsf.ovpn 

Wed Oct 27 12:20:25 2021 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 19 2021
Wed Oct 27 12:20:25 2021 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Wed Oct 27 12:20:25 2021 OpenSSL: error:0909006C:PEM routines:get_name:no start line
Wed Oct 27 12:20:25 2021 OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Wed Oct 27 12:20:25 2021 Cannot load inline certificate file
Wed Oct 27 12:20:25 2021 Exiting due to fatal error

Can somebody help me with this problem?

NightWolf56 · October 27, 2021, 12:02pm

Regenerate the config file and replace your current one. You can also try swapping server regions. If the issue persists, contact support via the green chat bubble.

cybsf · October 28, 2021, 6:30am

This fixed my problem! Thank you.

RachelGomez · December 12, 2022, 6:46am

Use our troubleshooting tips for the following error messages if you encounter issues.

Certificate doesn’t match private key

This message occurs when your private key doesn’t match the one you used to sign the CSR submitted to your certificate authority. Ensure you use the same key file you used to generate your CSR.

If you lost this file, restart the certificate generation process and ask your certificate authority for a certificate replacement. The private key is unique and can’t be recreated. If you’ve lost it, the signed public certificate also becomes useless.

Problems getting password, bad password read

This message occurs when your private key is encrypted with a passphrase, and Access Server doesn’t know how to decrypt the private key (i.e., it doesn’t know the passphrase).

To resolve:

Decrypt your private key by running this example command on the command line with the OpenSSL program.
openssl rsa -in server.key -out decrypted.key
Provide your passphrase.
Load the resulting decrypted private key file into your Access Server.
OpenVPN Access Server doesn’t support passphrase-encrypted private key files for the web services.

PEM_read_bio, no start line

This is usually part of an error message like this:

Private Key Load Error [(‘PEM routines’, ‘PEM_read_bio’, ‘no start line’)] (OpenSSL.crypto.Error)
This error occurs with an invalid private key. Ensure you provide the correct file. Check that you didn’t accidentally supply your public certificate as the private key, or vice-versa. The private key field in Access Server only accepts a valid private key.

If you’re sure the file is valid, check the formatting of the private key file. For example, without line breaks or with line breaks using a different EOL (End-of-Line) standard that isn’t acceptable. You may try to manually fix this problem yourself with proper EOL conversion tools or by contacting your certificate authority for assistance. We often see this problem with certain providers of SSL certificates that generate the private key for you. They may be providing it with Windows-type EOL characters, which can cause a problem. Usually, they can help you obtain a Linux-compatible version, or you can use a text editing tool to convert the file format to a type that doesn’t contain these additional characters.
Regards,
Rachel Gomez