Openvpn : connect error: Missing External PKI alias

Question

I just setup a openvpn server version 2.4.4, it work well with Openvpn client in Windows and Android, but error in Mac OS.

Tue Dec 10 10:50:31 2019 OMI Connecting to /Library/Application Support/OpenVPN/sock/ovpn-KTMpKfLsCR5a.sock [unix]
Tue Dec 10 10:50:35 2019 CLIENT_EXCEPTION : connect error: Missing External PKI alias [FATAL-ERR]
Tue Dec 10 10:50:35 2019 >FATAL:CLIENT_EXCEPTION: connect error: Missing External PKI alias

I'm testing in MacOS version 10.4.4 and Openvpn client 2.7.1.100. Below is client.ovpn

client
dev tun
proto tcp-client
remote vpn01 9443
resolv-retry infinite
cipher AES-256-CBC
redirect-gateway

# Keys
# Identity
key-direction 1
remote-cert-tls server
auth-user-pass
auth-nocache

# Security
nobind
persist-key
persist-tun
comp-lzo
verb 3

# Proxy ?
# http-proxy cache.univ.fr 3128
<ca>
-----BEGIN CERTIFICATE-----
MIIDXTCCAkWgAwIBAgIUdu/viXgfwhA+wu0K49vvnXaCyFkwDQYJKoZIhvcNAQEL
BQAwHDEaMBgGA1UEAwwRdnBuMDEuaG9tZWNjYS5jb20wHhcNMTkxMjA5MTA1NTQ5

Any ideas or what might causing this issue?

Answer 1

I had this same problem with OpenVPN Connect client on MacOS - I switched to TunnelBlick client software, and using same .ovpn file it worked fine. Have not been able to find any clues on why OpenVPN Connect does not work though.

Answer 2

You should try to edit your *.ovpn profile:

Delete your profile in the openvpn client and then edit the .ovpn file you exported from the server and add the following line before

client-cert-not-required

I get this answer from https://forum.opnsense.org/index.php?topic=14687.0

This error was before:

Profile modification fixed this error.