"Certificate Verify Failed" Error Message When Connecting To Client VPN

Issue

When you try to connect to your Datto Networking Appliance's client VPN via OpenVPN, you see output similar to the following:

Wed Mar 13 11:37:33 2019 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, O=Datto Inc., CN=VPN Gateway
Wed Mar 13 11:37:33 2019 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Wed Mar 13 11:37:33 2019 TLS_ERROR: BIO read tls_read_plaintext error
Wed Mar 13 11:37:33 2019 TLS Error: TLS object -> incoming plaintext read error
Wed Mar 13 11:37:33 2019 TLS Error: TLS handshake failed

Environment

Datto Networking Appliance (DNA)
All OpenVPN Clients

Resolution

You must use the actual OpenVPN client. OpenVPN Connect will not function properly.

Download the Configuration File

1. From the GUI of your Datto Networking Appliance, download the OpenVPN config file from the DNA to the target computer by clicking the OpenVPN Config File on the Client VPN card, as shown in Figure 1.

For Windows clients, save the file to %systemroot%\Program Files\OpenVPN\config.
For Linux and Mac clients, save the file to the desktop.

Figure 1: OpenVPN Config File download link

Connect the VPN Client

Windows

1. Open the OpenVPNclient and click connect.

2. To log on to the network, use the email address from the username and password you created earlier on the Client VPN card.

3. If you are still unable to connect, reboot your Datto Networking Appliance, and attempt the connection again.

Linux

1. Launch OpenVPN with the --config argument to specify the configuration file to use:

openvpn --config client.ovpn

2. If you are still unable to connect, reboot your Datto Networking Appliance, and attempt the connection again.

Mac

1. Add the config file you saved in the Download the OpenVPN Config File section of this article to Tunnelblick by dragging it from the desktop into the left-hand pane shown in Figure 2.

Figure 2: Tunnelblick settings pane

2. Select the configuration in the Configurations sidebar, and click Connect.

3. Log in using the credentials you created in the DNA: Client VPN article.

4. If you are still unable to connect, reboot your Datto Networking Appliance, and attempt the connection again.

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!
	Provide feedback for the Documentation team.