Initial client connect without password
Posted: Mon Apr 17, 2017 5:05 pm
Hi.
I am working on fully automating the installation and configuration of OpenVPN AS (version 2.1.4 on Ubuntu 16.04). This is working well, however, I've run into a stumbling block when I get to the actual initial client connection.
I see that I can get the server to automatically create a profile for each of my allowed users and that I can export the file, with certificates embedded, and pass it along to them. However, when a user makes the initial connection via a browser so they can download the client files, they are asked for a password. I do not want my users ever to enter a password. Initially, I want to get certificate-only authentication working, and then add on 2-factor using Google Auth. But how can that initial connection work? I tried using certtool to export the client cert & key to p12 and imported it into the browser, but that did not do the trick. What am I missing? Thanks!
I am working on fully automating the installation and configuration of OpenVPN AS (version 2.1.4 on Ubuntu 16.04). This is working well, however, I've run into a stumbling block when I get to the actual initial client connection.
I see that I can get the server to automatically create a profile for each of my allowed users and that I can export the file, with certificates embedded, and pass it along to them. However, when a user makes the initial connection via a browser so they can download the client files, they are asked for a password. I do not want my users ever to enter a password. Initially, I want to get certificate-only authentication working, and then add on 2-factor using Google Auth. But how can that initial connection work? I tried using certtool to export the client cert & key to p12 and imported it into the browser, but that did not do the trick. What am I missing? Thanks!