All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
ssl error on openconnect server
root@localhost:/etc/ocserv# ocserv -c /etc/ocserv/ocserv.conf -f -d 1
note: setting 'radius' as primary authentication method
note: setting 'radius' as accounting method
note: setting 'radius' as supplemental config option
listening (TCP) on 0.0.0.0:443...
listening (TCP) on [::]:443...
listening (UDP) on 0.0.0.0:443...
listening (UDP) on [::]:443...
ocserv[2139]: main: initialized ocserv 0.11.6
ocserv[2140]: sec-mod: reading supplemental config from radius
ocserv[2140]: GnuTLS error (at sec-mod.c:704): Decryption has failed.
ocserv[2139]: main: main.c:943: ocserv-secmod died unexpectedly
ocserv[2139]: main: termination request received; waiting for children to die
ocserv[2139]: main: main-sec-mod-cmd.c:94: command socket for sec-mod closed
ocserv[2139]: main: main.c:1200: error in command from sec-mod
ocserv[2139]: main: termination request received; waiting for children to die
root@localhost:/etc/ocserv#
I have comodo positive ssl files __srdns_co.crt file and __srdns_co.ca-bundle file . I setup the openconnect server and was working fine selfsigned certificates. Now i replace the certificates and it giving me the above errors. I did change the extenion to PEM for all files , One by one and test. But i am unable to run it successfully.
Any help will be greatly appreciated.
Comments
I resolved the issue with help of ssl agent paul from namecheap.
They private key was password protected.
It was generated in time csr creation. As i was unable to remind the password so i reissued the certificate with new csr and private key. This time i create the csr and private key unprotected.
I got two file server.key and server.csr
I uploaded the server.csr to the portal to reissue the certificate. Once the certificate is reissued i download the certificate with files. mydom_co.ca-bundle and mydom.crt
In-order to install correctly on server we have to combine both the files. by opening mydom_co.ca-bundle in text editor and copy the contents and open mydom.crt and past after the contents End Part.
upload the combined-file.crt to server and placed under ocserv folder. I also updated the configuation file ocserv.conf accordingly. update the server-cert = ../path/ocserv/combined-file.crt
We did check the certificate through ssl checker and find everything fine.
I started the server with following command to check .
note: setting 'radius' as primary authentication method
note: setting 'radius' as accounting method
note: setting 'radius' as supplemental config option
listening (TCP) on 0.0.0.0:443...
listening (TCP) on [::]:443...
listening (UDP) on 0.0.0.0:443...
listening (UDP) on [::]:443...
ocserv[3645]: main: initialized ocserv 0.11.6
ocserv[3646]: sec-mod: reading supplemental config from radius
ocserv[3646]: sec-mod: sec-mod initialized (socket: /var/run/ocserv-socket.3645)
Hope it help someone.