My VPN provider supplied me with certificate which contains two CAs certificates - one for top-level (globalsign), second for alphassl.
On normal openvpn client with that config it works:
Tue Sep 24 19:08:23 2013 VERIFY OK: depth=2, C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
Tue Sep 24 19:08:23 2013 VERIFY OK: depth=1, O=AlphaSSL, CN=AlphaSSL CA - G2
I can’t separate them and add to mt openvpn config - it says “no certificate found (6)”.
It seems that openvpn client get last (CN) certificate from server:
Tue Sep 24 19:08:23 2013 VERIFY OK: depth=2, C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
Tue Sep 24 19:08:23 2013 VERIFY OK: depth=1, O=AlphaSSL, CN=AlphaSSL CA - G2
Tue Sep 24 19:08:23 2013 Validating certificate key usage
Tue Sep 24 19:08:23 2013 ++ Certificate has key usage 00a0, expects 00a0
Tue Sep 24 19:08:23 2013 VERIFY KU OK
Tue Sep 24 19:08:23 2013 Validating certificate extended key usage
Tue Sep 24 19:08:23 2013 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Sep 24 19:08:23 2013 VERIFY EKU OK
Tue Sep 24 19:08:23 2013 VERIFY OK: depth=0, OU=Domain Control Validated, CN=*.earthvpn.com
What i can do about that?