@kralo
Created April 1, 2020 11:50
securepoint ssl client openvpn require nsCertType=SERVER

If you experience this error:

VERIFY nsCertType ERROR: CN=server, require nsCertType=SERVER

try updating your Securepoint SSL VPN Client.

Version 2.0.18 did not work; version 2.0.28 did.

Securepoint SSL Client 2.0.18 == not working
Try to start OpenVPN connection <redacted>
Wed Apr 01 13:02:59 2020 OpenVPN 2.3.11 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 2016
Wed Apr 01 13:02:59 2020 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Apr 01 13:02:59 2020 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.09

Wed Apr 01 13:02:59 2020 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Wed Apr 01 13:02:59 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 01 13:02:59 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 01 13:02:59 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Apr 01 13:03:00 2020 UDPv4 link local: [undef]
Wed Apr 01 13:03:00 2020 UDPv4 link remote: [AF_INET]<remoteIP>:1194
Wed Apr 01 13:03:00 2020 TLS: Initial packet from [AF_INET]<remoteIP>:1194, sid=c112afcb a924f844
Wed Apr 01 13:03:00 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Apr 01 13:03:00 2020 VERIFY OK: depth=1, CN=Easy-RSA CA
Wed Apr 01 13:03:00 2020 VERIFY nsCertType ERROR: CN=server, require nsCertType=SERVER
ERROR: TLS error! See log for details

Securepoint SSL Client 2.0.28 == working
Try to start OpenVPN connection <redacted>
Wed Apr 01 13:09:50 2020 OpenVPN 2.4.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 31 2019
Wed Apr 01 13:09:50 2020 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Apr 01 13:09:50 2020 library versions: OpenSSL 1.1.0l  10 Sep 2019, LZO 2.10

Wed Apr 01 13:09:50 2020 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Wed Apr 01 13:09:50 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 01 13:09:50 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 01 13:09:50 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]<remoteIP>:1194
Wed Apr 01 13:09:50 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Apr 01 13:09:50 2020 UDP link local: (not bound)
Wed Apr 01 13:09:50 2020 UDP link remote: [AF_INET]<remoteIP>:1194
Wed Apr 01 13:09:50 2020 TLS: Initial packet from [AF_INET]<remoteIP>:1194, sid=5b546447 ec84eac9
Wed Apr 01 13:09:50 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Apr 01 13:09:50 2020 VERIFY OK: depth=1, CN=Easy-RSA CA
Wed Apr 01 13:09:50 2020 VERIFY OK: nsCertType=SERVER
Wed Apr 01 13:09:50 2020 VERIFY OK: depth=0, CN=server
Wed Apr 01 13:09:50 2020 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1557'
Wed Apr 01 13:09:50 2020 WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'
Wed Apr 01 13:09:50 2020 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
Wed Apr 01 13:09:50 2020 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Apr 01 13:09:50 2020 [server] Peer Connection Initiated with [AF_INET]<remoteIP>:1194
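
An added example, not part of the original gist: a small Python triage for OpenVPN client logs like the two above. It pulls out the OpenVPN and OpenSSL versions, the VERIFY results and the warnings worth acting on. The names `triage` and `findings` are made up for this example, and the sample input is lines copied from the logs on this page.

```python
import re

# Sample input: lines copied from the two client logs on this page.
LOG_OLD = """\
Wed Apr 01 13:02:59 2020 OpenVPN 2.3.11 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 2016
Wed Apr 01 13:02:59 2020 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.09
Wed Apr 01 13:03:00 2020 VERIFY OK: depth=1, CN=Easy-RSA CA
Wed Apr 01 13:03:00 2020 VERIFY nsCertType ERROR: CN=server, require nsCertType=SERVER
"""
LOG_NEW = """\
Wed Apr 01 13:09:50 2020 OpenVPN 2.4.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 31 2019
Wed Apr 01 13:09:50 2020 library versions: OpenSSL 1.1.0l  10 Sep 2019, LZO 2.10
Wed Apr 01 13:09:50 2020 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Wed Apr 01 13:09:50 2020 VERIFY OK: depth=1, CN=Easy-RSA CA
Wed Apr 01 13:09:50 2020 VERIFY OK: nsCertType=SERVER
Wed Apr 01 13:09:50 2020 WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'
Wed Apr 01 13:09:50 2020 [server] Peer Connection Initiated with [AF_INET]<remoteIP>:1194
"""
TS = re.compile(r"^\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4} ")  # log timestamp prefix

def triage(log_text):
    """Summarise one client log: versions, VERIFY results, warnings, tunnel state."""
    r = {"openvpn": None, "openssl": None, "verify_ok": [],
         "verify_errors": [], "warnings": [], "connected": False}
    for line in log_text.splitlines():
        msg = TS.sub("", line.strip())
        if m := re.match(r"OpenVPN (\d+(?:\.\d+)+) ", msg):
            r["openvpn"] = m.group(1)
        elif m := re.match(r"library versions: OpenSSL (\S+)", msg):
            r["openssl"] = m.group(1)
        elif m := re.match(r"VERIFY OK: (.+)", msg):
            r["verify_ok"].append(m.group(1))
        elif m := re.match(r"VERIFY (?:(\S+) )?ERROR: (.+)", msg):
            # The word before ERROR names the failed check; a bare "VERIFY ERROR" is a chain error.
            r["verify_errors"].append((m.group(1) or "chain", m.group(2)))
        elif m := re.match(r"WARNING: (.+)", msg):
            r["warnings"].append(m.group(1))
        elif "Peer Connection Initiated" in msg:
            r["connected"] = True
    return r

def findings(r):
    """Turn a triage result into the items an operator should follow up on."""
    out = [f"server certificate rejected by {c} check: {d}" for c, d in r["verify_errors"]]
    for w in r["warnings"]:
        if "--ns-cert-type is DEPRECATED" in w:
            out.append("config still uses ns-cert-type; log recommends --remote-cert-tls")
        elif w.startswith("'cipher' is used inconsistently"):
            out.append("cipher mismatch: " + w.split(", ", 1)[1])
    return out
```

Call `findings(triage(text))` on a saved client log to get the follow-up list; an empty list together with `connected` set to `True` means the handshake completed without any of these flags.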
