[Solution] How to solve Openvpn Client error --ca --cacert issue

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
kiitii
Posts: 1
Joined: Thu Feb 14, 2019 4:07 pm

[Solution] How to solve Openvpn Client error --ca --cacert issue

Post by kiitii » Thu Oct 17, 2019 10:47 am

For those who receive this error when using Openvpn client 2.x

Options error: You must define CA file (--ca) or CA path (--capath)
Use --help for more information.

I have a solution for you.

Step 1:-
Connect your VPN server with "softether vpn server manager".
At the main screen, click on "Encryption and Network".
Then you will see "Server Certificate Settings".
Choose "Export".
Choose "CER/" type.
Give a filename eg. myvpn.cer
It will prompt you for 2nd time for the private key. eg. myvpn.key

Step 2:-
Open the file myvpn.cer with Notepad. (Right click the file "open with")
You will see something like this in the file,

-----BEGIN CERTIFICATE-----
MIID0DCCArigAwIBAgIBADANBgkqhkiG9w0BAQsFADBnMRwwGgYDVQQDDBNsaW51
cy5zb2Z0ZXRoZXIubmV0MRwwGgYDVQQKDBNsaW51cy5zb2Z0ZXRoZXIubmV0MRww
.....
HikGNfO1z+sHZecZUBN5yvFRzotRsyjJTVxKLccFfHWUkq5kgLnO5UBaOYDioYKs
npbWXwsN5tL08/jjQ1V5/aVshps=
-----END CERTIFICATE-----


Step 3:-
Open you openvpn client config file and append the followings:-

<ca>
</ca>

Then copy the certificate value from "-----BEGIN, including the word "-----BEGIN", then paste it in between <ca> and </ca>
The result is something like this.

<ca>
-----BEGIN CERTIFICATE-----
MIIETjCCAzagAwIBAgIBADANBgkqhkiG9w0BAQsFADB4MQswCQYDVQQGEwJNWTEM
MAoGA1UECBMDU0VMMRAwDgYDVQQHEwdQVUNIT05HMREwDwYDVQQKEwhJTkZPU1lU
RTEhMB8GCSqGSIb..........................................
d7FHgpFWX1xTfS/bNg72ypR+64XphSRWpe6/tMhLs3mMZpt6oFavloAHTwVSjuoF
tAkXWwOSMGXqxYotq4jQEFQToGShSspkw8h21ARRr/aB/qVCeBd29exx8SUZZHHR
b+/Pp7HtJrX3sTGrRMNWlKbGqu8Xo0sJfALQUbetn7rEkwES1gQ0rxhwDWebV5KZ
jws=
-----END CERTIFICATE-----
</ca>


After saving the config file, then try again. It works for me!

Post Reply