openvpn certificate signature failure

CentOS and Fedora has stopped support for md5 certificates

At client side if you get following error server log usually /var/log/messages

VERIFY ERROR: depth=0, error=certificate signature failure: <snip>
TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed
Fatal TLS error (check_tls_errors_co), restarting

To fix this:

vi /etc/systemd/system/NetworkManager.service

and add following

.include /usr/lib/systemd/system/NetworkManager.service
[Service]
Environment="OPENSSL_ENABLE_MD5_VERIFY=1 NSS_HASH_ALG_SUPPORT=+MD5"

Now restart daemon

# systemctl daemon-reload
# systemctl restart NetworkManager.service

 Share!