Issue #
Saat mencoba connect openvpn dengan CLI muncul error VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak seperti berikut
Sun Mar 18 10:41:12 2018 OpenVPN 2.4.5 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 1 2018
Sun Mar 18 10:41:12 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Sun Mar 18 10:41:12 2018 library versions: OpenSSL 1.1.0f 25 May 2017, LZO 2.10
Enter Management Password:
Sun Mar 18 10:41:14 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:xxxx
Sun Mar 18 10:41:14 2018 UDP link local: (not bound)
Sun Mar 18 10:41:14 2018 UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:xxxx
Sun Mar 18 10:41:14 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Mar 18 10:41:14 2018 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=AQ, ST=NA, L=SilentHill, O=HSH, OU=DamageINC, CN=Base, name=HSH, [email protected]
Sun Mar 18 10:41:14 2018 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Sun Mar 18 10:41:14 2018 TLS_ERROR: BIO read tls_read_plaintext error
Sun Mar 18 10:41:14 2018 TLS Error: TLS object -> incoming plaintext read error
Sun Mar 18 10:41:14 2018 TLS Error: TLS handshake failed
Sun Mar 18 10:41:14 2018 SIGUSR1[soft,tls-error] received, process restarting
Solution #
Tambahkan baris berikut pada config.ovpn client
tls-cipher "DEFAULT:@SECLEVEL=0"
Apabila masih muncul error atau tidak dapat connect ke OpenVPN. Anda dapat mencoba mengenerate ulang Certificate pada server OpenVPN.