Certificate Signature Failure

dwathledwathle
in Android VPN Setup

The following LogFile extract indicates a "certificate signature failure" when executed via
the "OpenVPN Settings" app on Android. The same configuration files (with Win-style paths)
work correctly when executed via OpenVPN on my PC. Web searches show that my HTC EVO 4G can/should run OpenVPN Settings under CyanogenMod-7 without any problem. Does anyone have any insights? 

Wed Feb 10 04:01:27 2016 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Feb 10 04:01:27 2016 LZO compression initialized
Wed Feb 10 04:01:27 2016 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Feb 10 04:01:27 2016 RESOLVE: NOTE: us-california.privateinternetaccess.com resolves to 13 addresses, choosing one by random
Wed Feb 10 04:01:27 2016 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Feb 10 04:01:27 2016 Local Options hash (VER=V4): '41690919'
Wed Feb 10 04:01:27 2016 Expected Remote Options hash (VER=V4): '530fdded'
Wed Feb 10 04:01:27 2016 Socket Buffers: R=[112640->131072] S=[112640->131072]
Wed Feb 10 04:01:27 2016 UDPv4 link local: [undef]
Wed Feb 10 04:01:27 2016 UDPv4 link remote: 198.8.80.184:1194
Wed Feb 10 04:01:27 2016 MANAGEMENT: Client connected from 127.0.0.1:44770
Wed Feb 10 04:01:27 2016 MANAGEMENT: CMD 'state'
Wed Feb 10 04:01:27 2016 MANAGEMENT: CMD 'state on'
Wed Feb 10 04:01:27 2016 MANAGEMENT: CMD 'bytecount 0'
Wed Feb 10 04:01:27 2016 MANAGEMENT: >STATE:1455102087,AUTH,,,
Wed Feb 10 04:01:27 2016 TLS: Initial packet from 198.8.80.184:1194, sid=04433bd1 c78dcbc4
Wed Feb 10 04:01:27 2016 MANAGEMENT: CMD 'bytecount 0'
Wed Feb 10 04:01:27 2016 CRL CHECK OK: /C=US/ST=OH/L=Columbus/O=Private_Internet_Access/CN=Private_Internet_Access_CA/[email protected]
Wed Feb 10 04:01:27 2016 VERIFY OK: depth=1, /C=US/ST=OH/L=Columbus/O=Private_Internet_Access/CN=Private_Internet_Access_CA/[email protected]
Wed Feb 10 04:01:27 2016 VERIFY ERROR: depth=0, error=certificate signature failure: /C=US/ST=CA/L=LosAngeles/O=Private_Internet_Access/OU=Private_Internet_Access/CN=Private_Internet_Access/name=Private_Internet_Access/[email protected]
Wed Feb 10 04:01:27 2016 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Wed Feb 10 04:01:27 2016 TLS Error: TLS object -> incoming plaintext read error
Wed Feb 10 04:01:27 2016 TLS Error: TLS handshake failed
Wed Feb 10 04:01:27 2016 TCP/UDP: Closing socket

Thank you.

Comments

  • dwathledwathle
    PIA technical support blew me off. Their emails stated that PIA does not support rooted/custom devices. More importantly, the second email (I asked twice) stated: "In the case of OpenVPN, we cannot guarantee our certificate is compatible with your device." What?!! Since when are OpenVPN certificates device specific?  Good thing that I tried twice because I certainly don't want to waste anyone's time trying to chase down a certificate bug.  In any case, I am now assuming that PIA's device-specific certicate is causing the failure.  I will purchase a trial subscription to another VPN service to verify this presumption, and then report back. 

    If anybody has any better ideas, please let me know.  Thank you!

Sign In or Register to comment.