
Azure VPN / OpenVPN(SSL) Peer certificate verification failure


We created a root certificate, which unfortunately expired today in Azure VPN. I regenerated the certificate, uploaded it to Azure VPN, regenerated a client certificate and set up the OpenVPN configuration file (after downloading the "VPN Client" from the Azure portal).

However, I keep getting "Peer certification verification failure" and I can't seem to understand why. Everything I read suggests that it is because there is a mismatch between the server and the client; however, I must be making the same mistakes, as I have followed the instructions below to generate the root certs and the client certs:

https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site#cer

I've used the following OpenSSL command to convert to a PEM file:

"C:\Program Files\OpenSSL-Win64\bin\openssl" pkcs12 -in child.pfx -out child.pem -clcerts

Then followed this for creating the OVPN file for the iOS device. (I have downloaded the OpenVPN Client to my desktop machine to make it easier to test)

https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-vpn-client-cert-mac

I have done this more than once, as well as having "Reset" the VPN gateway, just to try and make sure that it isn't something weird going on.

Does anyone have any ideas as to where I am going wrong?


Solution

  • In case anyone comes across this, there are two things that I have done to fix this issue:

    1. I ended up entering the name of the Root Certificate into the Azure settings (the cn=psroot2025 part). [Image: Azure Portal with Root Cert Name]
    2. I had been using a Windows version of OpenVPN to test that the connections were working. By the looks of it, some versions of OpenVPN return the "Peer certification verification failure" error, although this is not the case. You need to download version 2.5.4 from https://openvpn.net/community-downloads/ instead of the latest, and this seems to not have the same issue (I had originally installed version 2.5.7).

    Hope that helps...
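
For readers who regenerate a root as described in the question, the following is an added example (not part of the original post or of Microsoft's instructions) that checks whether a converted client PEM such as child.pem really chains to the root currently uploaded to the gateway, including the case where the new root reuses the old name but has a new key. It assumes a bash shell with a recent `openssl` on the PATH and the root exported in Base64/PEM form; the function names, file names and CNs are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check of a client certificate against a root certificate.
# Function names, file names and CNs are hypothetical, chosen for this demo.

# check_client_cert ROOT_PEM CLIENT_PEM
# Returns 0 = ok, 1 = root expired, 2 = client expired,
#         3 = issuer name differs from root subject, 4 = signature does not chain.
check_client_cert() {
  local root=$1 client=$2 issuer subject
  openssl x509 -in "$root" -noout -checkend 0 >/dev/null \
    || { echo "root certificate has expired"; return 1; }
  openssl x509 -in "$client" -noout -checkend 0 >/dev/null \
    || { echo "client certificate has expired"; return 2; }
  issuer=$(openssl x509 -in "$client" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
  subject=$(openssl x509 -in "$root" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
  [ "$issuer" = "$subject" ] \
    || { echo "client issuer '$issuer' is not root '$subject'"; return 3; }
  # Names match; now confirm the client cert was signed by THIS root's key.
  openssl verify -CAfile "$root" "$client" >/dev/null 2>&1 \
    || { echo "issuer name matches but the client was not signed by this root key"; return 4; }
  echo "ok: client certificate chains to $subject"
}

# make_demo_certs DIR
# Constructed sample data: an old root, a regenerated root with the same CN but a
# new key, an unrelated root, and a client certificate issued by the OLD root.
make_demo_certs() {
  local d=$1 r
  for r in old_root new_root; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=P2SRootExample" \
      -keyout "$d/$r.key" -out "$d/$r.pem" 2>/dev/null
  done
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=OtherRootExample" \
    -keyout "$d/other_root.key" -out "$d/other_root.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=P2SChildExample" \
    -keyout "$d/child.key" -out "$d/child.csr" 2>/dev/null
  openssl x509 -req -in "$d/child.csr" -CA "$d/old_root.pem" -CAkey "$d/old_root.key" \
    -CAcreateserial -days 30 -out "$d/child.pem" 2>/dev/null
}

# Run with --demo to see a stale client certificate rejected after root regeneration.
if [ "${1:-}" = "--demo" ]; then
  d=$(mktemp -d)
  make_demo_certs "$d"
  check_client_cert "$d/old_root.pem" "$d/child.pem"
  check_client_cert "$d/new_root.pem" "$d/child.pem"
  rm -rf "$d"
fi
```

A non-zero result here points at the client-certificate side; a clean result means the client certificate and root agree, which is consistent with the answer's finding that the error came from elsewhere.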