OPENVPN VERIFY ERROR: depth=0, error=certificate signature failure: /CN=blabla/C=DE/L=blabla/ST=blabla

If you start receiving the above error in the openvpn server logs, you need to add these two lines
to /etc/init.d/openvpn :
export NSS_HASH_ALG_SUPPORT=+MD5
export OPENSSL_ENABLE_MD5_VERIFY=1

…towards the beginning of that file..

apparently Openvpn has changed something again without telling us.. It stopped supporting MD5 — unless enabled. This caused me much grief, and I hope I can prevent yours.

Leave a Reply