Https server error "self signed certificate in certificate chain" [actix_web + rustls]

Hello. I am creating a program for secure communication between server and client via http + tls (actix_web + rustls). Server must accept only clients with certificates and ignore other. I generated certificates and keys according to instructions for openvpn/easy-rsa (certificates in attachment).
Using examples from rustls and actix_web i wrote basic server code listed below

[dependencies]
actix-rt = "1.0"
actix-web = { version = "2.0", features=["rustls"] }
rustls = "0.16.0"
use actix_web::{middleware, web, App, HttpResponse, HttpServer, Responder};
use std::sync::Arc;
use std::fs::File;
use std::io::BufReader;
use rustls::internal::pemfile::{certs, pkcs8_private_keys};
use rustls::{NoClientAuth, ServerConfig, AllowAnyAuthenticatedClient, RootCertStore};

async fn index() -> impl Responder {
    "Hello world!"
}

fn make_config() -> ServerConfig {
    let mut file_root_crt = BufReader::new(File::open("ca.crt").unwrap());
    let mut file_server_crt = BufReader::new(File::open("server.crt").unwrap());
    let mut file_server_key = BufReader::new(File::open("server.key").unwrap());

    let mut client_auth_roots = RootCertStore::empty();
    let root_certs = certs(&mut file_root_crt).unwrap();
    for root in root_certs.iter() {
        client_auth_roots.add(root).unwrap()
    }
    let client_auth = AllowAnyAuthenticatedClient::new(client_auth_roots);

    let mut config = ServerConfig::new(client_auth);
    let mut server_certs = certs(&mut file_server_crt).unwrap();
    server_certs.extend(root_certs);
    let mut server_key = pkcs8_private_keys(&mut file_server_key).unwrap().remove(0);

    config.set_single_cert(server_certs, server_key);
    config
}

#[actix_rt::main]
async fn main() -> std::io::Result<()> {
    let config = make_config();

    let http_server = HttpServer::new(move || {
        App::new()
            .wrap(middleware::Logger::default())
            .route("/api", web::post().to(index))
    })
        .bind_rustls("127.0.0.1:8088", config)?
        .run()
        .await;

    Ok(())
}

But i got an error: sending request to https://127.0.0.1:8088/api leads to "Error: self signed certificate in certificate chain" (using Postman). How to fix it?

ca.crt

-----BEGIN CERTIFICATE-----
MIIG0TCCBLmgAwIBAgIUJS5pqK0R/CB2A3tUDRjYN1W8CCgwDQYJKoZIhvcNAQEL
BQAwgZkxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJh
bmNpc2NvMRAwDgYDVQQKEwdPcGVuVlBOMREwDwYDVQQLEwhjaGFuZ2VtZTENMAsG
A1UEAxMEcm9vdDERMA8GA1UEKRMIY2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1h
aWxAaG9zdC5kb21haW4wHhcNMjAwNjA0MTA0MzEwWhcNMzAwNjAyMTA0MzEwWjCB
mTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lz
Y28xEDAOBgNVBAoTB09wZW5WUE4xETAPBgNVBAsTCGNoYW5nZW1lMQ0wCwYDVQQD
EwRyb290MREwDwYDVQQpEwhjaGFuZ2VtZTEfMB0GCSqGSIb3DQEJARYQbWFpbEBo
b3N0LmRvbWFpbjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPXdFpSD
+chKvaQkjJ2M2111Z2O9hv67nYZ+Q6vVaXzVVxDPHXK0pSGAOyP0WskxS6RDWqAr
UFuFdkTsVZIMk/pcLVdmmQrUcGXMz+YVXlHJl48QqS/HmEVS8XmyBnDsA+fwyxxT
vQ2bIRc/DqD8FLFuQZAHMAHyoC9leI1b2je+oGQHllH1iedLl2ZX3o1k9z+L2V1/
MsyPapsvcdn1gQU1pJW1R0ydCqStnWbsgJ0Yn2JMTpnrm8a6Rq5K7R6WXrjdhf51
EvzJ/CNGxuMaelpBGfvS+ajgs+ylJFV57guwZKcjrl4gyjmI/5s797+WGUGNo892
pdKZAahDnJkIjJh5cHynmMRhKPNjRDSu9jLCbuAU2YAxnYKna5+y+mbvchIXa63W
P2jaj3PYE0afwkFQBYq+eRpJV9ys1TzIOZCY9i/xe7IRk4p2MsZVcd+Xa87g5RQA
lF9tAwWF6DQ6s8Yhj489XoEjpRXRfdw7/Ez96DEHfFamNljh/V9XhpX89n2sX5yr
O74i0vPGW6pbvmLILgQkTl2VBkJyCXxvlTaCtGSBAOSOr47v540nblQy7Wzivvz4
57NGDDJ0t+LM/4zvMCvlPFtsgrvzzgvgJ5qV7V1rTuwcNYl17P+OFzBk0zjA7B57
PVTK9tTxR0LnmHpzF6k1F81p9Oqyl/+1Jb+BAgMBAAGjggENMIIBCTAdBgNVHQ4E
FgQUq5Fb7CPFqi38+41Xo7V2wVrVgwEwgdkGA1UdIwSB0TCBzoAUq5Fb7CPFqi38
+41Xo7V2wVrVgwGhgZ+kgZwwgZkxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEV
MBMGA1UEBxMMU2FuRnJhbmNpc2NvMRAwDgYDVQQKEwdPcGVuVlBOMREwDwYDVQQL
EwhjaGFuZ2VtZTENMAsGA1UEAxMEcm9vdDERMA8GA1UEKRMIY2hhbmdlbWUxHzAd
BgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21haW6CFCUuaaitEfwgdgN7VA0Y2DdV
vAgoMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAEiJaTt4VCp9o1pn
59xVKYp6shV8PtvBNuvBRhaY2V6vdehcB4XYaQjIqMReEJthYyg9uimA9c2sDfs0
xTlmpHwU4y1D55m8ALjQc3Qr2hQXnferai7aMKUoIhzZlRdRngzSiXOmOXt3zsUO
Jg2v5jd6fpPK6EHG8jRCVBxfA3MTVbZcr91tsNnFEnjzyM8ICpc8XjTAihotRn8T
rCwfmpFS5cjdMhLaT8IEPHxsWzE0ChANDOcdX1XBDG5uaA0sCRv6g4WLJ+dUTjS2
9uBaj4m4xyldNIdoNlyQGlF14TFqqlfewBOrHBSzriRiDgSs9CnHR7EpxyHciFaM
/8lU9SvKM8ALRVxdfXoGDoVHPHjq1aDPd2A2NqdH+PgQJJp1eh+/52NfiNeW7viG
jobsJVbfUa8FhizRcD82PcSL0YaEUmZT6kJMbMF4l/YbaG/nm4Swp288UDe6Mv0O
j5W/kusjFIOfRuZcpAyj+gS1Ub4bStFtYIceZJ65zgFuV4AVeQXAwiakNRJ56wqG
cNpf6p5yKZ8TcGjYhCTjORVCrN0PyskMbZdymnJzU054aFcKNILP5YIP+6xTZJM8
T8/RmbDwejU+4ZDorOj2wP6gHMjZ1yt1MG2oSyLwXwBFg57jWDHP5S4F5re3k3cI
csDz9SZjJmSO+iPgQha2269ITnl+
-----END CERTIFICATE-----

server.crt

Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=root/name=changeme/emailAddress=mail@host.domain
Validity
Not Before: Jun 4 10:43:31 2020 GMT
Not After : Jun 2 10:43:31 2030 GMT
Subject: C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=server/name=changeme/emailAddress=mail@host.domain
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:9c:07:8f:e5:94:b4:31:54:29:d7:57:c4:8b:21:
8e:1e:e4:85:e2:cc:66:9c:c1:91:aa:56:c6:e7:07:
98:87:97:5b:70:2b:fb:1c:8d:61:c5:d0:47:60:92:
16:a5:be:36:fd:b4:48:64:df:16:d7:88:f8:a1:1e:
c9:c9:52:ec:aa:a6:e1:4c:69:a6:06:cd:30:89:fd:
c4:71:a7:8e:04:c9:17:f1:ef:45:64:05:d1:6a:a9:
e9:63:0b:30:d5:61:57:9c:ea:5c:5e:4c:55:a9:1c:
93:ce:05:1f:24:70:99:0a:fa:c8:b3:17:24:9c:4c:
a3:ef:68:48:7a:47:cb:9a:84:74:f5:09:a0:25:4d:
64:3b:a6:b0:82:f9:65:7d:56:36:f4:be:a4:3d:36:
6e:86:1e:b0:0b:bb:49:70:ea:26:83:9b:65:04:2c:
a9:cb:69:fa:02:e6:9c:61:e3:c0:c9:ad:a3:cc:24:
44:42:9f:aa:fc:db:eb:bb:e4:6a:b8:ba:12:21:e7:
89:a0:2c:08:79:d8:d9:1c:fd:bb:b8:f3:10:11:2c:
8e:b3:88:f0:31:15:8c:ba:4b:4d:1f:91:b8:3e:87:
4d:fd:9e:1e:09:26:27:dd:ba:14:9d:a2:b8:9a:3d:
6f:ed:a0:91:44:d5:5b:ce:51:ff:ce:2c:fc:c8:e2:
d1:ff:38:cc:cd:a2:e6:28:10:a2:14:20:d6:c2:02:
f1:64:60:6a:07:4a:f8:d7:f1:c8:33:b2:47:05:1e:
f0:ac:31:31:fe:91:1d:d1:69:e9:05:85:04:a1:76:
bd:c8:86:4f:82:fc:5c:e6:f7:da:e5:c4:b2:6f:fe:
0f:84:ef:af:26:f6:65:fe:47:81:bc:74:07:ca:ad:
63:46:12:cd:cb:b5:18:9b:9a:0a:02:f8:f4:12:a0:
93:f2:65:87:60:e2:83:ac:1b:94:4c:75:75:6c:42:
ab:79:eb:a2:be:5a:52:dc:33:33:22:1a:52:f3:14:
db:c0:3e:48:a3:0f:b1:c5:4b:c6:c4:4a:75:ff:8e:
f9:ed:8f:f8:34:91:a3:73:bc:1f:fd:87:cb:dd:bc:
71:18:66:2c:7c:87:c1:e9:04:a3:1c:dd:eb:17:83:
01:5e:89:8b:0c:81:74:36:50:45:36:c8:e0:be:d0:
3f:ac:5a:df:bf:34:f2:2b:ee:4b:0b:4b:e9:f5:aa:
f5:b8:95:14:22:17:82:85:f0:21:83:ca:37:c2:db:
19:d5:3d:9d:e0:01:a9:33:2a:a7:a5:f0:5c:29:5a:
d9:3c:fa:e9:80:bc:23:4f:fd:0a:22:af:c3:30:44:
95:71:4e:d1:52:e3:3f:73:cc:db:d4:88:4c:81:a0:
91:d7:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Netscape Comment:
Easy-RSA Generated Server Certificate
X509v3 Subject Key Identifier:
AE:F8:87:A3:85:C3:53:42:B0:F3:7C:1E:6A:DF:2F:E9:EA:5D:09:14
X509v3 Authority Key Identifier:
keyid:AB:91:5B:EC:23:C5:AA:2D:FC:FB:8D:57:A3:B5:76:C1:5A:D5:83:01
DirName:/C=US/ST=CA/L=SanFrancisco/O=OpenVPN/OU=changeme/CN=root/name=changeme/emailAddress=mail@host.domain
serial:25:2E:69:A8:AD:11:FC:20:76:03:7B:54:0D:18:D8:37:55:BC:08:28

        X509v3 Extended Key Usage: 
            TLS Web Server Authentication
        X509v3 Key Usage: 
            Digital Signature, Key Encipherment
Signature Algorithm: sha256WithRSAEncryption
     ab:d8:0d:21:46:85:31:59:3b:f0:7e:0f:3b:b0:39:8c:7f:fd:
     cc:05:a1:f8:81:ea:4d:fc:46:95:1c:8f:f3:f7:af:95:15:ed:
     9a:72:17:0f:87:35:99:97:99:46:6f:9a:6f:02:74:b5:6c:3b:
     95:6b:1a:b0:89:e7:8b:aa:00:7b:a4:da:75:c8:4c:da:55:c1:
     b8:b7:61:50:02:61:ad:d6:bf:9e:ed:16:65:90:54:c4:80:ac:
     f9:02:ca:e7:d1:81:08:6e:1c:bb:f7:a1:79:64:ab:8c:e2:6c:
     d7:6f:80:95:5d:bd:63:f6:a3:a9:93:17:e9:dd:85:4e:0e:10:
     fb:e7:6d:b6:6f:0b:2f:af:cf:2f:67:1c:9f:43:f1:44:3d:68:
     4a:fd:a1:fa:58:2d:d3:1e:ed:af:df:04:f3:04:95:ca:12:69:
     eb:32:57:11:85:e4:79:9c:a6:b2:63:d9:e0:6b:8b:e9:73:bd:
     83:39:a4:8f:2b:e9:55:dc:46:2d:08:a3:33:3f:ff:fd:e1:24:
     67:d9:b8:79:92:fe:24:c4:c9:b3:07:08:79:67:74:22:d4:30:
     a1:ac:a5:16:75:71:f6:07:96:8f:3e:14:50:40:8e:b3:d7:03:
     3b:66:9f:be:8f:80:d4:1c:6d:0b:32:62:55:fd:f8:df:bc:68:
     5c:82:c0:39:6d:b9:e0:4d:00:f9:cc:90:0e:1a:c5:09:85:cc:
     b4:90:4e:80:12:cb:9b:c7:45:00:78:c0:a5:b1:e2:d8:30:d8:
     3f:cf:53:20:ac:00:c9:f3:04:71:53:7b:0a:92:34:09:4e:70:
     56:c7:d1:87:2e:45:c6:ab:85:5f:57:16:28:00:c4:82:1b:97:
     ce:d9:21:6b:a0:2c:00:92:20:cd:65:7e:74:d7:67:1c:bb:3b:
     90:d0:7d:d7:52:12:6c:32:7f:82:f8:0d:12:f5:0f:49:ae:c0:
     b0:aa:11:20:a2:fe:75:63:8b:fc:3a:e8:bb:93:be:65:49:74:
     6c:7f:10:e3:64:b8:05:cb:14:96:5a:de:96:8c:86:f2:8f:01:
     d0:e1:21:5e:cc:77:e0:d4:07:60:9d:f5:60:7e:93:14:94:10:
     cb:d8:50:cd:96:6c:c9:e2:55:d2:a4:59:48:72:5d:c5:93:9d:
     1d:b6:34:34:1b:3c:d5:40:12:df:11:d6:7f:8e:48:18:36:1e:
     85:46:e3:ef:c6:54:56:e4:99:a7:a8:5b:e0:a6:44:4b:93:39:
     c1:55:99:00:ca:a7:34:80:d4:48:79:3e:0d:43:63:80:9a:e0:
     15:ef:59:c1:48:81:f8:93:11:f3:90:95:ab:20:8c:f8:97:bb:
     17:d2:ef:a3:85:bb:5d:8c

-----BEGIN CERTIFICATE-----
MIIHKDCCBRCgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xEDAOBgNVBAoTB09w
ZW5WUE4xETAPBgNVBAsTCGNoYW5nZW1lMQ0wCwYDVQQDEwRyb290MREwDwYDVQQp
EwhjaGFuZ2VtZTEfMB0GCSqGSIb3DQEJARYQbWFpbEBob3N0LmRvbWFpbjAeFw0y
MDA2MDQxMDQzMzFaFw0zMDA2MDIxMDQzMzFaMIGbMQswCQYDVQQGEwJVUzELMAkG
A1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEQMA4GA1UEChMHT3BlblZQ
TjERMA8GA1UECxMIY2hhbmdlbWUxDzANBgNVBAMTBnNlcnZlcjERMA8GA1UEKRMI
Y2hhbmdlbWUxHzAdBgkqhkiG9w0BCQEWEG1haWxAaG9zdC5kb21haW4wggIiMA0G
CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCcB4/llLQxVCnXV8SLIY4e5IXizGac
wZGqVsbnB5iHl1twK/scjWHF0Edgkhalvjb9tEhk3xbXiPihHsnJUuyqpuFMaaYG
zTCJ/cRxp44EyRfx70VkBdFqqeljCzDVYVec6lxeTFWpHJPOBR8kcJkK+sizFySc
TKPvaEh6R8uahHT1CaAlTWQ7prCC+WV9Vjb0vqQ9Nm6GHrALu0lw6iaDm2UELKnL
afoC5pxh48DJraPMJERCn6r82+u75Gq4uhIh54mgLAh52Nkc/bu48xARLI6ziPAx
FYy6S00fkbg+h039nh4JJifduhSdoriaPW/toJFE1VvOUf/OLPzI4tH/OMzNouYo
EKIUINbCAvFkYGoHSvjX8cgzskcFHvCsMTH+kR3RaekFhQShdr3Ihk+C/Fzm99rl
xLJv/g+E768m9mX+R4G8dAfKrWNGEs3LtRibmgoC+PQSoJPyZYdg4oOsG5RMdXVs
Qqt566K+WlLcMzMiGlLzFNvAPkijD7HFS8bESnX/jvntj/g0kaNzvB/9h8vdvHEY
Zix8h8HpBKMc3esXgwFeiYsMgXQ2UEU2yOC+0D+sWt+/NPIr7ksLS+n1qvW4lRQi
F4KF8CGDyjfC2xnVPZ3gAakzKqel8FwpWtk8+umAvCNP/Qoir8MwRJVxTtFS4z9z
zNvUiEyBoJHXMwIDAQABo4IBdTCCAXEwCQYDVR0TBAIwADARBglghkgBhvhCAQEE
BAMCBkAwNAYJYIZIAYb4QgENBCcWJUVhc3ktUlNBIEdlbmVyYXRlZCBTZXJ2ZXIg
Q2VydGlmaWNhdGUwHQYDVR0OBBYEFK74h6OFw1NCsPN8HmrfL+nqXQkUMIHZBgNV
HSMEgdEwgc6AFKuRW+wjxaot/PuNV6O1dsFa1YMBoYGfpIGcMIGZMQswCQYDVQQG
EwJVUzELMAkGA1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEQMA4GA1UE
ChMHT3BlblZQTjERMA8GA1UECxMIY2hhbmdlbWUxDTALBgNVBAMTBHJvb3QxETAP
BgNVBCkTCGNoYW5nZW1lMR8wHQYJKoZIhvcNAQkBFhBtYWlsQGhvc3QuZG9tYWlu
ghQlLmmorRH8IHYDe1QNGNg3VbwIKDATBgNVHSUEDDAKBggrBgEFBQcDATALBgNV
HQ8EBAMCBaAwDQYJKoZIhvcNAQELBQADggIBAKvYDSFGhTFZO/B+DzuwOYx//cwF
ofiB6k38RpUcj/P3r5UV7ZpyFw+HNZmXmUZvmm8CdLVsO5VrGrCJ54uqAHuk2nXI
TNpVwbi3YVACYa3Wv57tFmWQVMSArPkCyufRgQhuHLv3oXlkq4zibNdvgJVdvWP2
o6mTF+ndhU4OEPvnbbZvCy+vzy9nHJ9D8UQ9aEr9ofpYLdMe7a/fBPMElcoSaesy
VxGF5HmcprJj2eBri+lzvYM5pI8r6VXcRi0IozM///3hJGfZuHmS/iTEybMHCHln
dCLUMKGspRZ1cfYHlo8+FFBAjrPXAztmn76PgNQcbQsyYlX9+N+8aFyCwDltueBN
APnMkA4axQmFzLSQToASy5vHRQB4wKWx4tgw2D/PUyCsAMnzBHFTewqSNAlOcFbH
0YcuRcarhV9XFigAxIIbl87ZIWugLACSIM1lfnTXZxy7O5DQfddSEmwyf4L4DRL1
D0muwLCqESCi/nVji/w66LuTvmVJdGx/EONkuAXLFJZa3paMhvKPAdDhIV7Md+DU
B2Cd9WB+kxSUEMvYUM2WbMniVdKkWUhyXcWTnR22NDQbPNVAEt8R1n+OSBg2HoVG
4+/GVFbkmaeoW+CmREuTOcFVmQDKpzSA1Eh5Pg1DY4Ca4BXvWcFIgfiTEfOQlasg
jPiXuxfS76OFu12M
-----END CERTIFICATE-----

server.key

-----BEGIN PRIVATE KEY-----
MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCcB4/llLQxVCnX
V8SLIY4e5IXizGacwZGqVsbnB5iHl1twK/scjWHF0Edgkhalvjb9tEhk3xbXiPih
HsnJUuyqpuFMaaYGzTCJ/cRxp44EyRfx70VkBdFqqeljCzDVYVec6lxeTFWpHJPO
BR8kcJkK+sizFyScTKPvaEh6R8uahHT1CaAlTWQ7prCC+WV9Vjb0vqQ9Nm6GHrAL
u0lw6iaDm2UELKnLafoC5pxh48DJraPMJERCn6r82+u75Gq4uhIh54mgLAh52Nkc
/bu48xARLI6ziPAxFYy6S00fkbg+h039nh4JJifduhSdoriaPW/toJFE1VvOUf/O
LPzI4tH/OMzNouYoEKIUINbCAvFkYGoHSvjX8cgzskcFHvCsMTH+kR3RaekFhQSh
dr3Ihk+C/Fzm99rlxLJv/g+E768m9mX+R4G8dAfKrWNGEs3LtRibmgoC+PQSoJPy
ZYdg4oOsG5RMdXVsQqt566K+WlLcMzMiGlLzFNvAPkijD7HFS8bESnX/jvntj/g0
kaNzvB/9h8vdvHEYZix8h8HpBKMc3esXgwFeiYsMgXQ2UEU2yOC+0D+sWt+/NPIr
7ksLS+n1qvW4lRQiF4KF8CGDyjfC2xnVPZ3gAakzKqel8FwpWtk8+umAvCNP/Qoi
r8MwRJVxTtFS4z9zzNvUiEyBoJHXMwIDAQABAoICAEH4uJD7xQyuZ1qT05h4QZ0y
RqHUhvZ0qeB5/HOmtIlwJ8tP7UbvSI3ZOLTOUCEYQiwXVBzCbugHFAkb+XnURBkL
omsqqHZrv8A4uhzMGbJQTH2RC6f1BcyxtuqXyrgOBntkZFXCtN1iJeSQKdDAgxUv
YDjI6kPj69TIJQz+2kmlA8avoTTkeiL2od9fD9hk4auuB8eSAj1XMFxlffHuLwaq
Z5XSRKCrWHhthWWmZNdhQcaI9wuscyGi4xN4yt78XbpUKc69j3/lfjdR2VOkAgEg
891ZYyV91RjXye41MM/Padx4RH7d0TFhAmJ8cM1WeMLih0mxZLXh2eUVBHTz4pH8
IBji89oAVTppcaM7UtqeMVvGE0T61b1hIrzstF+dImyym2kWgNIeaV+C9fA6yI1C
cBwb+J7U6zem3g+MRxmv4dqFzByfSoNwieMLdl7x9v+DnZEAjmNKSJYU3ficlaDL
743WN2DXW/byYz4o1VM7SbI0mZRmrJ8bCn92j0AtQgZ+fAFWY2tROxRQ/kediZnv
3zv5WYY98sVHYLZJ465bl788tsjxBvHgxFM9y0D9VJgeZJwT/+93U8mbVKWlDeki
xZ9oCvxr0X6qkyyLaXxMrU3FoFUNVBCUEtDmUOjzAZkOavSJ4bhPArcnKgoECPCB
Gm5fAu3JsGOmgyg/DdFxAoIBAQDNqtMluKq82d4AtojqdNvvhQI5iZl0Tp0Ig+Iw
BtztNxJ5lVCe/UkVW0Rw2T4MDQHulAGmO7wVktJDiVsl4rzGLbxECbeevRcN9Mi0
mH/M6AyLLgCpT6PyIZ7/vR/Kha5zfwGtOPaiLGz0RkWdXbNzjO9N1JemGuHPwzOE
dd26VnZpEZDO31Jwq47UDVz7JzULOPnmVa+I4Dm/37f93i6YPGJ2z2X8XFNm13qv
ltbWCT/w9njVFFb4o2nKZEYP+vy0OLpLct1aV9cikOXaKxWK9/CMGcKZO9AMBdOt
d6unzer0+TJqt0LZ3h8L7tcM9oT+LhWiPVYZ7roWldTdvODvAoIBAQDCNudWRtAV
nSJsNsu4jXockL8CG38HlaJ/tRMospjfoXnpmSKiXU8Yi/xK2rM7Oiupfzj7eY32
pdjMj3QQIn/2uSsylFvdogk8YdY2OqtpdLUF1SX4gpC1w8A7kcZO8NdD5a3EGsQX
oQuwJhapOphv20mrsuDVt3wLW78rm8Z9S/sGRJkm1FvZyPJrd/cyVgFAyiNMvA2c
al3/BO53Z+V3IEvyGvhZmHWEdy/6DNv/k4q+bU0W26dJRFjdr6mrR87+/ZGusiu2
qd/lXWgXDerqA2IuYhxbnMNnB+qtc58NIihR/YIaAcT1iuR9G+Y70yJlozBOgMTf
tocxJa2b6yX9AoIBAD6M4cLrMyJUsKxO171W5T0nmtGdA8rXzfK1CanJrI+I3FmW
C/sO1ZdlNp+Lss8/dYL2CLpiGIYHLWPU9p/DId60MjoPKoVgxQ49kH08lEHhoU8D
IrhbvGT7zLvC7VRO7Au8aOoiFQCluk1gwfNmeBmAl5d4PNcL/fmOSLDUmCb//Otf
qEcCrLQPuVTM66aG+h77qSVgkg5zA51TkUXouQsb8mZoFYB3I/Z3Op0EpzpZfdTv
YTiNAxaDvL0NWjGqCAlX53Di8mdzp76fiwibaeXmGobBnumzw0akzwhHCTHz8q2m
zKqgKfjREWgzr7wFjdUwduvs867XaElOMHtv4okCggEAYdf5Oi0YvhrY8b21arfT
8jo2EKC7oZ2QLViTW2iGvfuDCN2+ZiAuLgawRyHhNBB9WLogggjeLYmmLICFD2/i
GfF1wtidY44zqvj7S3zJSKqkXFji9U0KDJie6yPozXJmcO1wWqDFc8YNtmOp/P3p
OEk410iaHvF+i9Zf/F9RY2R5BdJfegF4eMLU5rGclv5fST3NBOak0M2Bp23bmcp8
/0QFHubZgYHeiqrlP8tktmClgIReVwq4P6AwSRcrmn/l1+71ixZ2EWOJyesB+sNn
OxgTSZzh/oF+rBR/9XyPf7VarNvTxLhpeu7LaAA7QJ6A8MWDG7mh9bbmays5SJjy
HQKCAQAzhc3t/krz380M6g004+gFKopckGDacswm3R6btxMz3aFHrwGxqVt3i+3G
Iq6ovidtR06NpHhC9SWy7t7NT6Q0Gg5EC6eQ34Fo5wsMa3qSNK0+yYn8aXETzQdU
xruii5FR0+Ode2OX7AjKwDO8HLQwEE/0pBxj06UN7Z7rxjWYh5L/djLE/3Fm7/v+
EiI5ajuG7xRHNtDq+c39tMp/aRos6+9xvMByEjGpm2JsueQRCg0J/JNjzIbL22Ze
kjb0Cpqr05feAmfh/mtQ7cOoQcpOeudASdt0iFmKtgeAFuPxzRuO8bZ+6itnJp9s
+5UHPrXsASlsW+blMkuy4zxe+Idn
-----END PRIVATE KEY-----

client0.crt

Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=root/name=changeme/emailAddress=mail@host.domain
Validity
Not Before: Jun 4 10:43:53 2020 GMT
Not After : Jun 2 10:43:53 2030 GMT
Subject: C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=client0/name=changeme/emailAddress=mail@host.domain
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:f1:72:e4:68:7c:b2:f0:97:bf:5b:ed:a3:86:72:
88:9b:56:3b:c0:97:71:a3:d6:81:c6:ef:fd:9b:d4:
3a:d4:77:e4:d3:fd:ff:a9:3a:7a:f3:d8:be:5a:f0:
e3:0a:4b:8c:aa:29:7c:57:eb:9f:a3:28:2e:30:da:
7e:6b:73:42:c9:a2:c6:32:c8:e6:ed:a5:0d:53:e6:
7c:be:b8:2d:59:25:68:6a:f0:a1:14:c6:01:5a:61:
16:b2:39:ac:be:52:fd:de:a8:ec:a3:2d:bf:68:05:
35:c8:cf:6c:9a:02:d1:45:3d:05:c1:53:97:54:43:
e8:73:7d:50:e9:16:30:5f:b4:cb:04:75:4f:55:f8:
84:e4:a9:64:ae:bf:43:5c:eb:ab:09:ba:f5:e4:70:
5b:43:e3:64:79:10:1c:0a:b9:e6:08:ef:e2:99:5e:
38:bf:0b:7a:f3:c9:50:5a:c3:bd:40:75:7a:d2:ce:
31:d5:17:30:b6:0d:44:ef:9e:48:e9:cd:98:4e:ef:
53:b3:23:e2:d5:d8:16:5c:2a:d3:d3:50:68:af:aa:
9c:81:99:99:94:e9:97:73:c4:fa:de:eb:46:e6:8b:
f7:d6:b7:e1:05:c5:b9:73:30:99:8f:8f:6c:1a:9f:
12:6a:94:a7:99:58:9d:95:12:3a:ee:23:d6:b6:e7:
1e:19:d2:48:06:f8:c5:66:fa:ed:91:65:17:16:9a:
fa:f6:dd:66:94:de:b4:ce:9f:fc:af:09:18:95:67:
bb:28:78:0a:17:8e:47:fc:e0:b7:16:c1:0f:ab:b6:
07:b8:c3:88:42:a7:cd:d1:ab:47:db:83:5a:81:8a:
d8:63:3e:5d:aa:65:69:4d:1a:c8:e0:ec:8c:dd:0c:
0a:66:78:eb:e2:39:69:68:e0:07:f2:08:c3:10:6e:
77:4f:84:16:d3:2e:76:bc:b9:ff:38:24:e5:b9:89:
0c:05:d7:42:5a:f1:1d:59:2b:12:a2:4f:2c:46:27:
74:06:48:af:3d:02:e2:48:20:f6:bb:9e:77:33:06:
f6:fd:71:22:49:60:19:d1:dc:32:60:2e:5b:4f:dd:
1c:26:45:50:45:13:c2:2a:46:0c:4d:0c:c0:1d:5e:
f2:2a:79:30:77:0e:07:ab:3b:4a:43:63:db:41:46:
02:3d:0c:be:4e:8d:10:e5:91:74:03:58:36:f9:15:
b1:2b:d1:84:c1:56:a3:0e:77:90:7b:4f:08:b6:05:
7b:fb:3f:99:74:71:ef:3b:2d:6a:08:50:ed:db:95:
09:f8:0b:eb:26:41:c1:4c:11:27:8f:af:ce:ff:95:
07:a6:2c:bb:de:6e:a0:b6:7c:c3:30:8d:e2:72:63:
f7:b8:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
91:A0:D5:2E:6B:49:8D:A3:C9:D2:1D:65:B7:AC:DC:F5:EB:C9:00:7A
X509v3 Authority Key Identifier:
keyid:AB:91:5B:EC:23:C5:AA:2D:FC:FB:8D:57:A3:B5:76:C1:5A:D5:83:01
DirName:/C=US/ST=CA/L=SanFrancisco/O=OpenVPN/OU=changeme/CN=root/name=changeme/emailAddress=mail@host.domain
serial:25:2E:69:A8:AD:11:FC:20:76:03:7B:54:0D:18:D8:37:55:BC:08:28

        X509v3 Extended Key Usage: 
            TLS Web Client Authentication
        X509v3 Key Usage: 
            Digital Signature
Signature Algorithm: sha256WithRSAEncryption
     82:a3:5b:35:35:0f:4b:ed:59:0c:2f:80:e3:d0:cc:fa:af:12:
     08:d9:2c:ed:c3:15:93:61:32:f7:b1:af:9f:28:39:02:4e:0a:
     b4:87:39:92:0f:30:5c:0e:65:ae:0a:fd:f7:ed:ee:47:6b:7a:
     49:ff:1f:5c:11:4d:61:f3:f9:0b:ce:c9:16:53:43:76:e3:da:
     e2:04:5b:fa:75:7c:50:77:cf:79:f7:aa:53:eb:95:6b:cc:c7:
     5c:ca:fb:58:b7:34:c1:cd:99:d7:c5:e7:68:3f:a1:ff:2d:40:
     1d:1a:0b:88:ba:51:83:ab:85:ab:8d:e4:01:67:32:dc:91:74:
     2e:62:f2:2e:43:f9:b2:ba:64:7f:1e:80:81:9d:c9:7b:16:97:
     e0:50:f3:04:ff:a1:10:6e:54:d7:01:d3:b6:aa:21:22:a2:2c:
     2e:d3:46:e5:df:37:32:b3:dc:3e:1e:4e:7d:fc:b8:6f:e8:7f:
     9b:a1:37:58:1b:bf:a6:68:1f:38:ef:61:f3:14:82:c4:da:63:
     93:7c:83:89:ff:c0:52:c5:57:8b:4e:e3:4b:84:da:9d:f7:db:
     84:c1:3d:e7:f5:35:91:3c:d3:dd:fc:57:ad:22:d2:7c:48:9d:
     4a:fd:aa:61:fa:bb:2e:d1:9d:90:21:71:ec:64:60:f1:7f:13:
     33:90:58:86:40:95:25:68:e6:c6:f8:f6:56:55:88:36:ae:ff:
     8b:ec:87:6d:16:e2:8e:e0:b3:82:ba:0e:62:09:34:e6:71:a7:
     bb:4c:9b:19:a2:c7:32:2f:fe:d5:47:26:07:b8:bf:81:8c:c2:
     74:6a:ca:55:39:92:f6:47:3c:87:e2:5d:86:07:35:72:a3:60:
     86:7a:e6:44:e2:8f:2b:dc:c1:f2:d0:ef:0c:8a:85:d4:fe:3e:
     82:4c:31:13:73:97:33:6c:02:32:9d:0e:f5:89:38:80:8c:45:
     05:b8:d8:d4:fe:72:ed:a3:c5:86:e7:9e:77:40:87:c3:77:53:
     d4:20:33:99:57:89:c9:6a:41:50:e9:9a:76:b7:91:15:d6:26:
     a1:4d:6a:68:6f:7c:17:6d:b3:72:a0:47:91:ce:a9:8f:f0:7f:
     3b:8d:e1:82:22:36:5c:44:a6:cb:fe:35:2f:ac:e7:20:73:17:
     b6:54:ee:63:15:1d:b8:90:09:04:bc:96:ce:61:49:48:80:c9:
     80:94:4b:5b:b5:b1:54:c3:15:f4:5d:19:63:90:b6:c2:74:68:
     ad:5c:e4:43:a3:64:1b:e3:6e:88:e3:1e:63:8b:e6:b5:b2:29:
     a1:e4:97:00:60:19:86:c3:a7:c7:e5:38:d2:ea:07:4f:66:ea:
     dd:ba:2f:1b:76:6e:cc:c6

-----BEGIN CERTIFICATE-----
MIIHDzCCBPegAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBmTELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAkNBMRUwEwYDVQQHEwxTYW5GcmFuY2lzY28xEDAOBgNVBAoTB09w
ZW5WUE4xETAPBgNVBAsTCGNoYW5nZW1lMQ0wCwYDVQQDEwRyb290MREwDwYDVQQp
EwhjaGFuZ2VtZTEfMB0GCSqGSIb3DQEJARYQbWFpbEBob3N0LmRvbWFpbjAeFw0y
MDA2MDQxMDQzNTNaFw0zMDA2MDIxMDQzNTNaMIGcMQswCQYDVQQGEwJVUzELMAkG
A1UECBMCQ0ExFTATBgNVBAcTDFNhbkZyYW5jaXNjbzEQMA4GA1UEChMHT3BlblZQ
TjERMA8GA1UECxMIY2hhbmdlbWUxEDAOBgNVBAMTB2NsaWVudDAxETAPBgNVBCkT
CGNoYW5nZW1lMR8wHQYJKoZIhvcNAQkBFhBtYWlsQGhvc3QuZG9tYWluMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA8XLkaHyy8Je/W+2jhnKIm1Y7wJdx
o9aBxu/9m9Q61Hfk0/3/qTp689i+WvDjCkuMqil8V+ufoyguMNp+a3NCyaLGMsjm
7aUNU+Z8vrgtWSVoavChFMYBWmEWsjmsvlL93qjsoy2/aAU1yM9smgLRRT0FwVOX
VEPoc31Q6RYwX7TLBHVPVfiE5Klkrr9DXOurCbr15HBbQ+NkeRAcCrnmCO/imV44
vwt688lQWsO9QHV60s4x1Rcwtg1E755I6c2YTu9TsyPi1dgWXCrT01Bor6qcgZmZ
lOmXc8T63utG5ov31rfhBcW5czCZj49sGp8SapSnmVidlRI67iPWtuceGdJIBvjF
ZvrtkWUXFpr69t1mlN60zp/8rwkYlWe7KHgKF45H/OC3FsEPq7YHuMOIQqfN0atH
24NagYrYYz5dqmVpTRrI4OyM3QwKZnjr4jlpaOAH8gjDEG53T4QW0y52vLn/OCTl
uYkMBddCWvEdWSsSok8sRid0BkivPQLiSCD2u553Mwb2/XEiSWAZ0dwyYC5bT90c
JkVQRRPCKkYMTQzAHV7yKnkwdw4HqztKQ2PbQUYCPQy+To0Q5ZF0A1g2+RWxK9GE
wVajDneQe08ItgV7+z+ZdHHvOy1qCFDt25UJ+AvrJkHBTBEnj6/O/5UHpiy73m6g
tnzDMI3icmP3uNUCAwEAAaOCAVswggFXMAkGA1UdEwQCMAAwLQYJYIZIAYb4QgEN
BCAWHkVhc3ktUlNBIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUkaDV
LmtJjaPJ0h1lt6zc9evJAHowgdkGA1UdIwSB0TCBzoAUq5Fb7CPFqi38+41Xo7V2
wVrVgwGhgZ+kgZwwgZkxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UE
BxMMU2FuRnJhbmNpc2NvMRAwDgYDVQQKEwdPcGVuVlBOMREwDwYDVQQLEwhjaGFu
Z2VtZTENMAsGA1UEAxMEcm9vdDERMA8GA1UEKRMIY2hhbmdlbWUxHzAdBgkqhkiG
9w0BCQEWEG1haWxAaG9zdC5kb21haW6CFCUuaaitEfwgdgN7VA0Y2DdVvAgoMBMG
A1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOC
AgEAgqNbNTUPS+1ZDC+A49DM+q8SCNks7cMVk2Ey97Gvnyg5Ak4KtIc5kg8wXA5l
rgr99+3uR2t6Sf8fXBFNYfP5C87JFlNDduPa4gRb+nV8UHfPefeqU+uVa8zHXMr7
WLc0wc2Z18XnaD+h/y1AHRoLiLpRg6uFq43kAWcy3JF0LmLyLkP5srpkfx6AgZ3J
exaX4FDzBP+hEG5U1wHTtqohIqIsLtNG5d83MrPcPh5Offy4b+h/m6E3WBu/pmgf
OO9h8xSCxNpjk3yDif/AUsVXi07jS4TanffbhME95/U1kTzT3fxXrSLSfEidSv2q
Yfq7LtGdkCFx7GRg8X8TM5BYhkCVJWjmxvj2VlWINq7/i+yHbRbijuCzgroOYgk0
5nGnu0ybGaLHMi/+1UcmB7i/gYzCdGrKVTmS9kc8h+Jdhgc1cqNghnrmROKPK9zB
8tDvDIqF1P4+gkwxE3OXM2wCMp0O9Yk4gIxFBbjY1P5y7aPFhueed0CHw3dT1CAz
mVeJyWpBUOmadreRFdYmoU1qaG98F22zcqBHkc6pj/B/O43hgiI2XESmy/41L6zn
IHMXtlTuYxUduJAJBLyWzmFJSIDJgJRLW7WxVMMV9F0ZY5C2wnRorVzkQ6NkG+Nu
iOMeY4vmtbIpoeSXAGAZhsOnx+U40uoHT2bq3bovG3ZuzMY=
-----END CERTIFICATE-----

client0.key

-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDxcuRofLLwl79b
7aOGcoibVjvAl3Gj1oHG7/2b1DrUd+TT/f+pOnrz2L5a8OMKS4yqKXxX65+jKC4w
2n5rc0LJosYyyObtpQ1T5ny+uC1ZJWhq8KEUxgFaYRayOay+Uv3eqOyjLb9oBTXI
z2yaAtFFPQXBU5dUQ+hzfVDpFjBftMsEdU9V+ITkqWSuv0Nc66sJuvXkcFtD42R5
EBwKueYI7+KZXji/C3rzyVBaw71AdXrSzjHVFzC2DUTvnkjpzZhO71OzI+LV2BZc
KtPTUGivqpyBmZmU6ZdzxPre60bmi/fWt+EFxblzMJmPj2wanxJqlKeZWJ2VEjru
I9a25x4Z0kgG+MVm+u2RZRcWmvr23WaU3rTOn/yvCRiVZ7soeAoXjkf84LcWwQ+r
tge4w4hCp83Rq0fbg1qBithjPl2qZWlNGsjg7IzdDApmeOviOWlo4AfyCMMQbndP
hBbTLna8uf84JOW5iQwF10Ja8R1ZKxKiTyxGJ3QGSK89AuJIIPa7nnczBvb9cSJJ
YBnR3DJgLltP3RwmRVBFE8IqRgxNDMAdXvIqeTB3DgerO0pDY9tBRgI9DL5OjRDl
kXQDWDb5FbEr0YTBVqMOd5B7Twi2BXv7P5l0ce87LWoIUO3blQn4C+smQcFMESeP
r87/lQemLLvebqC2fMMwjeJyY/e41QIDAQABAoICAQDaRJ/A6UGmB7hAtVIHn5Bo
xIrdrspXbvoAykE8Vp4cJophLhOpeyldOQnUEkFctDFkPn6eyG2WxCMFnO992UN+
Hj0H+d/w4y1qNEl+6+Zq2UtMqV0k916PwocO9N55a3L+jzzkwt1ufo9BimnFzFg8
PE7wls2Nqpn/lUDIhXuTeU+yJw5iTHhucceHxXVzEcSb1jyllwCaHX1dh7eh5q3S
VHFHbgrkgc9ThSCz/JEgLVOsMCSSWxV47gPsje2iFm7ipK3Imt9bq62DAmBdfio0
64nyCtXw7T4xtNeJH64Him6w16d/XWAphry7L89tPXIbkWj1UkuaUFGfqBxZWhM1
SQazXgssLtNaLg0EHOBmB6SwUjpzj4kVcdDeJznAt60mBi6v9n7Kqx6phebmQq5o
eznKDyeSoNPs61HSOL9PnVJg5WpHgIb8Fir0Z+YWBdgRVF0fp+oorYiXbKrdLoGE
sP+Tv4ToNaSCJmZb6QpgG5GJM1Ghak1VOEOh3yjoR0hQ6wXZeDZNlqdy0+u4rN0G
laHZpMWn0JZVjckPRzjFZGilBuHYs9gL0XHCOul3teXIslZsNndLFz2BwaxYK9xw
NWF7BedOvtTIsxbQ9A/DKIbKKjfjUR0FJOvlB+DKWpLY0o+mDrn0U02eyOuLUVB+
c8whtaqhxIHlhjI3BhAMvQKCAQEA+TZW+tOWY8BtgB2E3CEhANNRf+V4H/JeOvLf
Su+rGbakEvpmDFrGUTcd69mCpx2dB60J9J37V9SgDNsSlyHsfuWW8NVqa5BVA3l2
rTVvTr1XfojtJPPDV/Xcih9MsnYM5GoowU8xa2Op+hI+WHu0cF2F5WkqZ3xnEzmy
jQgRfdiCy1T56Kinurq0sGtiC/1kDt6DlFt4JoaYI39yW8MHtsE5LoZp1DhtGSdp
sIypwuyoPx9q0B8XBZaFnirEIw6eC+CgYWFqymC+3dK8hQHVueAOKhu8MV1O1c+t
3TLnSrfOsUp+qV8eInnxO88XN7cTdqW3oUWvMtWkgNqgU1sZnwKCAQEA+AZrurK/
jXx6kp+oCuPvH0sWyCqe6qEA25oHkoNsdVhAySkru1WOLjz2og7OK5Jokh9U03KW
whU4LgaFVlUijmvm1kKnq2L/dBCXOCoSVUav2UpsXrbCZrHBE/7fKvVkC5yD1zLs
nLpJqO1VQICpC9l4HoMQJwnCZq9gnKtUCErp4vMfJPPmkAZk632ohkDwcdg5xbdA
4QbKrgH+SDd9zos7hy3mDHV5zxGYVfXezXZnzRQhbLaCXO0ZMmT7/RkgwuG8gZA4
nY3J36G8cYDBI6/t9gm7aTDOheB1RPkchZ4h4ZSKRWOl+nUkgJ2beONbAesSq9t+
1GoUTTDC74wBCwKCAQBSj/4g+xhH0+hzGVR62T7l1xyZEpzJeLJfNTdkzCITUr7o
yqwkS66IGYqAKH9wfg8YC+vQbsZmQrsDh1CRYVvIbqejAhFPsXF4xTTcDWfi3jeu
ZA6sv1VoPrvhxpzSQunigokeAe6NdWdKweCFz/XnhBRn/H9f6Yb8h5DvyEyDNMeg
NXbV7YokAtb525mP/1K22mEdNXCI0u50VDS+0c4sbbdUApPtCwSZ4MTTCMb1HRJg
Vzg72xD1ePirfd+c/aq+pJx9ppiKk6KoOrjaF9GG0wPeT3H5qMAFddhUABlAV8TS
V6u+0RRat6uD9QfsHWsFU8GSXFO+s6jcR5H2C6hhAoIBAClDMDL8P9/zAJVaGGPP
bd2/6Uddx9hy9qiSJIZcdPPEvep5ffwJjMDmhYWKfwRCtEDzE3KmEqyxSQpnLVGi
kkAtdVbZ+fkKXENb6zx9y1UCkIjO196d+xOIqP2BnnEQKBfCbzCjGTgtyclfypoT
jYwaHuC8nzhPaFcbADCwVCeZBvYpylmkdgwp9Co1Wo8TSK038syQ4ytMrPVsAXjU
OordIQcpPKd/98baP4S1hd6av0QgADuM1X1OOK3onP+LaabiVTEc5D5Z82bQCoC7
keY1A5q2HcavRvyAziGua+9S0oIr6yEGJfvX9z2qes4OzPoxuIZ82snN6Bi7bwLZ
QOcCggEBAPcD/neQv2Xq7OqtANeg7itx7zq/Lp81W0N1IIG4aKxz/Mj5z91w406s
BPTRcEoEk2uZ/MMNVwpa9gCK2biUh3pxqNuqs1fNVGccKPGE993AB+e3S5Uf5e0N
7GzGhG4NfF67qF5A54Re3uJatWFite8MU4qlBQL7zg2mb3Zg2jFGKicbcvG8Uq9+
Y9SXe8QpelMD1xCbJyS7te/XC3Yr7clKubDAiyFTU4pbQEsBxWu/DKY9ChFz0Y3v
2qC5riJcFj4t8DoO+kZlePrYjUak1OOlc5uYgns4K1QuOjMPR4IvTvNF0nhnxq6n
9vNOHBTsi+jY3PaDR9jNj9tQDX7RPDs=
-----END PRIVATE KEY-----

First, you should generate your keys and certificate again now.

Please, never share certificates keys, they are not relevant for the issue.

About your server certificate, you should have the server name in the CN field.

By server name I mean the name resolved by DNS, not the IP.

Certificate for localhost and for server name are different, in specific certificate for localhost are like self signed certificate: not trusted.

But they can be use when you work on localhost, like in development.

If you cannot work with client and server on the same machine, use the certificate with the server name.

I guess the self signed is the CA certificate.

In order to have client and server to work, they should have certificate signed from a common known CA.

So for your test you should sign the client certificate with your CA, and add the CA certificate on the client as a trusted certificate.

I recently worked on a similar issue with Actix Web, but I use the OpenSSL instead of the rustls.

Hope this will help.

To debug just the secure connection, you can use the openssl s_client. That helps you have a look on the proper exchange of the server and see which certificate is used and understand better the errors.

Thanks for your help, you solved my problem. Solution was to turn off certificate verification in Postman.

I understand that, but thought that i missed smth during certificate generation process. Certificats in post are pure debug.

Useful suggestion, will give it a try!

This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.