[Solution] How to solve Openvpn Client error --ca --cacert issue
Posted: Thu Oct 17, 2019 10:47 am
For those who receive this error when using Openvpn client 2.x
Options error: You must define CA file (--ca) or CA path (--capath)
Use --help for more information.
I have a solution for you.
Step 1:-
Connect your VPN server with "softether vpn server manager".
At the main screen, click on "Encryption and Network".
Then you will see "Server Certificate Settings".
Choose "Export".
Choose "CER/" type.
Give a filename eg. myvpn.cer
It will prompt you for 2nd time for the private key. eg. myvpn.key
Step 2:-
Open the file myvpn.cer with Notepad. (Right click the file "open with")
You will see something like this in the file,
-----BEGIN CERTIFICATE-----
MIID0DCCArigAwIBAgIBADANBgkqhkiG9w0BAQsFADBnMRwwGgYDVQQDDBNsaW51
cy5zb2Z0ZXRoZXIubmV0MRwwGgYDVQQKDBNsaW51cy5zb2Z0ZXRoZXIubmV0MRww
.....
HikGNfO1z+sHZecZUBN5yvFRzotRsyjJTVxKLccFfHWUkq5kgLnO5UBaOYDioYKs
npbWXwsN5tL08/jjQ1V5/aVshps=
-----END CERTIFICATE-----
Step 3:-
Open you openvpn client config file and append the followings:-
<ca>
</ca>
Then copy the certificate value from "-----BEGIN, including the word "-----BEGIN", then paste it in between <ca> and </ca>
The result is something like this.
<ca>
-----BEGIN CERTIFICATE-----
MIIETjCCAzagAwIBAgIBADANBgkqhkiG9w0BAQsFADB4MQswCQYDVQQGEwJNWTEM
MAoGA1UECBMDU0VMMRAwDgYDVQQHEwdQVUNIT05HMREwDwYDVQQKEwhJTkZPU1lU
RTEhMB8GCSqGSIb..........................................
d7FHgpFWX1xTfS/bNg72ypR+64XphSRWpe6/tMhLs3mMZpt6oFavloAHTwVSjuoF
tAkXWwOSMGXqxYotq4jQEFQToGShSspkw8h21ARRr/aB/qVCeBd29exx8SUZZHHR
b+/Pp7HtJrX3sTGrRMNWlKbGqu8Xo0sJfALQUbetn7rEkwES1gQ0rxhwDWebV5KZ
jws=
-----END CERTIFICATE-----
</ca>
After saving the config file, then try again. It works for me!
Options error: You must define CA file (--ca) or CA path (--capath)
Use --help for more information.
I have a solution for you.
Step 1:-
Connect your VPN server with "softether vpn server manager".
At the main screen, click on "Encryption and Network".
Then you will see "Server Certificate Settings".
Choose "Export".
Choose "CER/" type.
Give a filename eg. myvpn.cer
It will prompt you for 2nd time for the private key. eg. myvpn.key
Step 2:-
Open the file myvpn.cer with Notepad. (Right click the file "open with")
You will see something like this in the file,
-----BEGIN CERTIFICATE-----
MIID0DCCArigAwIBAgIBADANBgkqhkiG9w0BAQsFADBnMRwwGgYDVQQDDBNsaW51
cy5zb2Z0ZXRoZXIubmV0MRwwGgYDVQQKDBNsaW51cy5zb2Z0ZXRoZXIubmV0MRww
.....
HikGNfO1z+sHZecZUBN5yvFRzotRsyjJTVxKLccFfHWUkq5kgLnO5UBaOYDioYKs
npbWXwsN5tL08/jjQ1V5/aVshps=
-----END CERTIFICATE-----
Step 3:-
Open you openvpn client config file and append the followings:-
<ca>
</ca>
Then copy the certificate value from "-----BEGIN, including the word "-----BEGIN", then paste it in between <ca> and </ca>
The result is something like this.
<ca>
-----BEGIN CERTIFICATE-----
MIIETjCCAzagAwIBAgIBADANBgkqhkiG9w0BAQsFADB4MQswCQYDVQQGEwJNWTEM
MAoGA1UECBMDU0VMMRAwDgYDVQQHEwdQVUNIT05HMREwDwYDVQQKEwhJTkZPU1lU
RTEhMB8GCSqGSIb..........................................
d7FHgpFWX1xTfS/bNg72ypR+64XphSRWpe6/tMhLs3mMZpt6oFavloAHTwVSjuoF
tAkXWwOSMGXqxYotq4jQEFQToGShSspkw8h21ARRr/aB/qVCeBd29exx8SUZZHHR
b+/Pp7HtJrX3sTGrRMNWlKbGqu8Xo0sJfALQUbetn7rEkwES1gQ0rxhwDWebV5KZ
jws=
-----END CERTIFICATE-----
</ca>
After saving the config file, then try again. It works for me!