OpenVPN server 1 - certificate field error

brawlsadford

I'm trying to set up OpenVPN servers on the RT-N66U (Merlin 378.55) but don't know much about networking in general or VPNs in particular.

When I switch 'Enable VPN server' in the GUI for Server instance = Server 1, I get the error:
"Certification Authentication / Server certification / Server Key field error!
Please check the Keys and Certification contents on the Advanced Settings page."

When I look at the server certificate it appears truncated after 3566 characters - there is no -----END CERTIFICATE----- text and I cannot paste or type any further text into the box without deleting some first.

Server instance 2, however, has 3865 characters in that field and appears to work fine. The only other change from default I made was pasting in new DF parameters (thanks to this snbforums thread) and it took me a while to figure out that only Firefox's clipboard/paste seemed to interact properly with the router GUI webpages.

Surely there are thousands of people running OpenVPN server 1 on their ASUS/Merlin routers? What am I doing wrong? Thanks in advance...
 
What am I doing wrong? Thanks in advance...
All of the key fields are limited to 3499 characters, which should be sufficient. Make sure you are only pasting from the BEGIN line to the END line (including those two) for each key and not anything else that may be in your source file. (See the note at the top of the panel where you enter the keys)
 
Thanks john - good call and a schoolboy error. I did have loads of superfluous headers(?) sucking up the space:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-N66U/emailAddress=me@myhost.mydomain
Validity
...

etc...

Presumably these fields were prepopulated by the firmware (using easy-RSA or similar) - am I naive to think that they are secure by default? Should I be generating my own?
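
Added example, not part of the original posts: one way to strip the human-readable dump from a certificate or key file so that only the BEGIN-to-END block is pasted, and to check the result against the 3499-character limit quoted in the reply above. The function names (`extract_pem`, `check_field`, `write_sample`) and the sample file are made up for illustration, and the size is counted in bytes including line breaks.

```shell
#!/bin/sh
FIELD_LIMIT=3499   # per-field character limit quoted in the thread

# Print only the BEGIN..END block(s), dropping any text dump around them.
extract_pem() {
    awk '
        { sub(/\r$/, "") }                       # tolerate CRLF line endings
        /^-----BEGIN [A-Z0-9 ]+-----$/ { inside = 1 }
        inside                          { print }
        /^-----END [A-Z0-9 ]+-----$/   { inside = 0 }
    ' "$1"
}

# Read PEM text on stdin; print "ok N", "too-long N" or "incomplete N"
# (N = size in bytes) and return non-zero unless the verdict is "ok".
check_field() {
    pem=$(cat)
    n=$(printf '%s\n' "$pem" | wc -c | tr -d ' ')
    begins=$(printf '%s\n' "$pem" | grep -c '^-----BEGIN ' || true)
    ends=$(printf '%s\n' "$pem" | grep -c '^-----END ' || true)
    if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ]; then
        echo "incomplete $n"; return 1    # e.g. the END line was cut off
    elif [ "$n" -gt "$FIELD_LIMIT" ]; then
        echo "too-long $n"; return 1
    fi
    echo "ok $n"
}

# Constructed sample: a text dump followed by a PEM block. The body is
# filler, not a real certificate.
write_sample() {
    cat > "$1" <<'EOF'
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha1WithRSAEncryption
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLVJFQUwtQ0VSVA==
-----END CERTIFICATE-----
EOF
}

sample=$(mktemp)
write_sample "$sample"
extract_pem "$sample" | check_field   # verdict for the cleaned-up block
rm -f "$sample"
```

Running `extract_pem` on each key or certificate file and pasting its output keeps the header lines out of the field, so they no longer use up the space.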
 
