Cannot load certificate file
745 views
Skip to first unread message
J Webster
Aug 1, 2011, 2:37:59 AM8/1/11
to tunnelbli...@googlegroups.com
Any ideas what causes this error?
Do I need to install an older beta version?
2011-08-01 08:14:29 *Tunnelblick: OS X 10.6.8; Tunnelblick 3.2beta28 (build 2714); OpenVPN 2.1.4
Do I need to install an older beta version?
2011-08-01 08:14:29 *Tunnelblick: OS X 10.6.8; Tunnelblick 3.2beta28 (build 2714); OpenVPN 2.1.4
2011-08-01 08:14:29 *Tunnelblick: Attempting connection with sjhight/client; Set nameserver = 5; monitoring connection
2011-08-01
08:14:29 *Tunnelblick:
/Applications/Tunnelblick.app/Contents/Resources/openvpnstart start
sjhight/client.ovpn 1337 5 0 0 0 49
2011-08-01 08:14:29 *Tunnelblick: Established communication with OpenVPN
2011-08-01 08:14:29 OpenVPN 2.1.4 i386-apple-darwin10.8.0 [SSL] [LZO2] [PKCS11] built on Jul 31 2011
2011-08-01 08:14:29 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2011-08-01
08:14:29 Cannot load certificate file sjhight.crt:
error:02001002:system library:fopen:No such file or directory:
error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL
routines:SSL_CTX_use_certificate_file:system lib
2011-08-01 08:14:29 Exiting
2011-08-01
08:14:29 *Tunnelblick: openvpnstart:
/Applications/Tunnelblick.app/Contents/Resources/openvpn --cd
/Users/sjhight/Library/Application Support/Tunnelblick/Configurations
--daemon --management 127.0.0.1 1337 --config
/Users/sjhight/Library/Application
Support/Tunnelblick/Configurations/sjhight/client.ovpn --log
/Library/Application
Support/Tunnelblick/Logs/-SUsers-Ssjhight-SLibrary-SApplication
Support-STunnelblick-SConfigurations-Ssjhight-Sclient.ovpn.5_0_0_0_49.1337.openvpn.log
--management-query-passwords --management-hold --script-security 2 --up
/Applications/Tunnelblick.app/Contents/Resources/client.1.up.tunnelblick.sh
-m -w -d --down
/Applications/Tunnelblick.app/Contents/Resources/client.1.down.tunnelblick.sh
-m -w -d --up-restart
2011-08-01 08:14:30 *Tunnelblick: Flushed the DNS cache
jkbull...gmail.com
Aug 1, 2011, 6:52:59 AM8/1/11
to tunnelbli...@googlegroups.com
Without the contents of the configuration file (sjhight/client.ovpn), this is only an educated guess, but here goes:
It looks like you have your configuration file inside the "sjhight" folder, but the file specifies that the sjhight.crt file is not in a subfolder.
The easiest fix is to move the configuration file out of the folder, so that all of the files are in
/Users/sjhight/Library/Application Support/Tunnelblick/Configurations/
and none are in the sjhight subfolder.
If this doesn't fix the problem, please post the contents of the configuration file along with the log. Be sure to X out any sensitive IP addresses.
Ranjit Chawla
Aug 1, 2011, 7:09:11 AM8/1/11
to tunnelbli...@googlegroups.com
Hi!
Ranjit
I've had a similar problem and have been meaning to search for solutions before writing in ... but since the topic has already come up, here goes ...
I need to connect to different vpn servers from time to time, but they all have the same cert file names. I tried making a subfolder for each connection, and put in the respective files.
Thats when I got the same error. As you pointed out, when I move the files to the main folder the connection works.
I was thinking of creating an automator script to copy the files of the server which I need to connect to the main folder when needed, but is there any other solution?
Thanks so much!
Ranjit
--
You received this message because you are subscribed to the Google Groups "tunnelblick-discuss" group.
To view this discussion on the web visit https://groups.google.com/d/msg/tunnelblick-discuss/-/fsdsdJ4B9vAJ.
To post to this group, send email to tunnelbli...@googlegroups.com.
To unsubscribe from this group, send email to tunnelblick-dis...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/tunnelblick-discuss?hl=en.
jkbull...gmail.com
Aug 1, 2011, 7:35:24 AM8/1/11
to tunnelbli...@googlegroups.com, ranjit...@gmail.com
So the certificate files are different but have the same names?
It is easy to deal with this situation by making each configuration into a Tunnelblick VPN Configuration.
Follow the instructions at Creating a Tunnelblick VPN Configuration. Note that if any of the configurations share files -- for example, a certificate authority certificate), in step 3 of the instructions you must copy those files, so that each of the folders you create contains all of the files needed to connect.
jkbull...gmail.com
Aug 1, 2011, 7:42:52 AM8/1/11
to tunnelbli...@googlegroups.com, ranjit...@gmail.com
One other thing: Remove all configurations from .../Tunnelblick/Configurations before making the Tunnelblick VPN Configurations (.tblks), because if one has the same name as an OpenVPN configuration (not counting the different filename extensions), there will be a name conflict.
Or, if you want, before you make the Tunnelblick VPN Configurations you can rename the .ovpn or .conf files so they won't conflict.
In other words, don't have "HomeVPN.conf" and "HomeVPN.tblk" as configurations, because it will use only one (the .tblk, I think).
Ranjit Chawla
Aug 1, 2011, 8:34:15 AM8/1/11
to tunnelbli...@googlegroups.com
Thanks! Will try it out soon and let you know ...
I've been on this list for just about a week and am immensely impressed with your support!
Reply all
Reply to author
Forward
0 new messages