5 replies to this topic

[JustinBull]

Hey all,

I'm having issues getting my OpenVPN VPN settings working on my Nexus One.

I need to get the CA certificate and user certificate over to the device. I had both certificates located at a website URL. The CA certificate was downloaded and saved by the phone. However, when I tried to download the user / client certificate I got a "No certificate to install" message. As a result, I cannot select a user certificate in the Add OpenVPN VPN window (I can set the CA cert, though).

I've tried putting the user certificate (client.crt) file on the SD card and installing from there (Security -> Install from SD card) but I got the same error.

Can't find an answer anywhere. I've googled and spent a fair amount of time looking around on forums and bug trackers.

Any help would be greatly appreciated. Note, I've tested the user certificate on my Mac and the VPN connection works just fine.


[EDIT]
Fixed the problem. Android expects certificate to be a .p12 file, not a separate .crt/.pem and .key files. See this link to convert your .crt and .key to .p12 http://ca.dutchgrid.nl/info/browser

Edited by JustinBull, 09 March 2011 - 07:01 PM.

[LoxDev]

JustinBull, on 08 March 2011 - 10:02 PM, said:

Hey all,

I'm having issues getting my OpenVPN VPN settings working on my Nexus One.

I need to get the CA certificate and user certificate over to the device. I had both certificates located at a website URL. The CA certificate was downloaded and saved by the phone. However, when I tried to download the user / client certificate I got a "No certificate to install" message. As a result, I cannot select a user certificate in the Add OpenVPN VPN window (I can set the CA cert, though).

I've tried putting the user certificate (client.crt) file on the SD card and installing from there (Security -> Install from SD card) but I got the same error.

Can't find an answer anywhere. I've googled and spent a fair amount of time looking around on forums and bug trackers.

Any help would be greatly appreciated. Note, I've tested the user certificate on my Mac and the VPN connection works just fine.

http://wiki.cyanogen...p?title=OpenVPN

But I think VPN is broken on Nexus One. Seems the kernel doesn't support it.

[KarboN]

I've been using OpenVPN on the Nexus One since CM6 and it always worked very well and still does in CM7 RC2.  Not sure the kernel has a problem.

As far as I remember, I've always imported the certificates as PKCS and never could under separate certificates.  I've tried generating a user key and import it in a standalone file and it would do the exact symptoms you are describing.

I generated a PKCS key and I could import it right away.  It seems possible to combine the keys you have into a p12 file using the openssl binary. You might want to give a look into http://ca.dutchgrid.nl/info/browser

[LoxDev]

At least PPTP VPN is broken

[Ian MacDonald]

I also have multiple openvpn sites. Some with user certs and others with username+crt.  I use a client app to connect, disconnect and store the .crt files locally.   Have not re-downloaded since CM 5.x.

[JustinBull]

KarboN, on 09 March 2011 - 12:18 AM, said:

I've been using OpenVPN on the Nexus One since CM6 and it always worked very well and still does in CM7 RC2.  Not sure the kernel has a problem.

As far as I remember, I've always imported the certificates as PKCS and never could under separate certificates.  I've tried generating a user key and import it in a standalone file and it would do the exact symptoms you are describing.

I generated a PKCS key and I could import it right away.  It seems possible to combine the keys you have into a p12 file using the openssl binary. You might want to give a look into http://ca.dutchgrid.nl/info/browser

Thanks man, this is the fix I needed.