Cannot load certificate file in builds 1581 & 1589
Posted: Thu Jan 17, 2019 2:49 am
Multiple users on my team are running into this issue. When we update our Viscosity client to Version 1.7.13 Builds 1581 or 1589 we are not able to connect to our VPN service.
Failure state:
Failure state:
Code: Select all
Logs for when we roll back to 1.7.12 using the same user and cert file:
Jan 16 10:46:07: State changed to Connecting
Jan 16 10:46:07: Viscosity Windows 1.7.13 (1589)
Jan 16 10:46:07: Running on Microsoft Windows 10 Pro
Jan 16 10:46:07: Running on .NET Framework Version 4.7.03062.461814
Jan 16 10:46:07: Bringing up interface...
Jan 16 10:46:08: OpenVPN 2.4.6 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [AEAD] built on Jan 15 2019
Jan 16 10:46:08: library versions: OpenSSL 1.0.2q 20 Nov 2018, LZO 2.09
Jan 16 10:46:08: Checking remote host "*.*.*.*" is reachable...
Jan 16 10:46:08: Server reachable. Connecting to *.*.*.*.
Jan 16 10:46:09: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 16 10:46:09: OpenSSL: error:0906D066:PEM routines:PEM_read_bio:bad end line
Jan 16 10:46:09: OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Jan 16 10:46:09: Cannot load certificate file C:\Users\user\AppData\Roaming\Viscosity\OpenVPN\2\cert.crt
Jan 16 10:46:09: Exiting due to fatal error
Jan 16 10:46:09: State changed to Disconnected
Code: Select all
Jan 16 10:44:01: State changed to Connecting
Jan 16 10:44:01: Viscosity Windows 1.7.12 (1581)
Jan 16 10:44:01: Running on Microsoft Windows 10 Pro
Jan 16 10:44:01: Running on .NET Framework Version 4.7.03062.461814
Jan 16 10:44:01: Bringing up interface...
Jan 16 10:44:01: OpenVPN 2.4.6 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 31 2018
Jan 16 10:44:01: library versions: OpenSSL 1.0.2p 14 Aug 2018, LZO 2.09
Jan 16 10:44:02: Checking remote host "*.*.*.*" is reachable...
Jan 16 10:44:02: Server reachable. Connecting to *.*.*.*.
Jan 16 10:44:03: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 16 10:44:03: TCP/UDP: Preserving recently used remote address: [AF_INET]*.*.*.*:1194
Jan 16 10:44:03: UDP link local (bound): [AF_INET][undef]:1194
Jan 16 10:44:03: UDP link remote: [AF_INET]*.*.*.*:1194
Jan 16 10:44:03: State changed to Authenticating
Jan 16 10:44:04: TLS Error: local/remote TLS keys are out of sync: [AF_INET]*.*.*.*:1194 [0]
Jan 16 10:44:04: [server] Peer Connection Initiated with [AF_INET]*.*.*.*:1194
Jan 16 10:44:05: State changed to Connecting
Jan 16 10:44:06: WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Jan 16 10:44:06: WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Jan 16 10:44:06: WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Jan 16 10:44:06: open_tun
Jan 16 10:44:06: TAP-WIN32 device [AWS EC2 Classic] opened: \\.\Global\{09AD6841-6227-42FA-9E3F-4BB51FF1986C}.tap
Jan 16 10:44:06: Notified TAP-Windows driver to set a DHCP IP/netmask of *.*.*.*/255.255.255.252 on interface {09AD6841-6227-42FA-9E3F-4BB51FF1986C} [DHCP-serv: *.*.*.*, lease-time: 31536000]
Jan 16 10:44:06: Successful ARP Flush on interface [2] {09AD6841-6227-42FA-9E3F-4BB51FF1986C}
Jan 16 10:44:06: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Jan 16 10:44:10: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jan 16 10:44:10: Initialization Sequence Completed
Jan 16 10:44:11: State changed to Connected