Cryptoapicert without using a CA file

Scripts to manage certificates or generate config files
Post Reply
jasong
OpenVpn Newbie
Posts: 2
Joined: Thu Jan 04, 2018 4:11 pm

Cryptoapicert without using a CA file

Post by jasong » Thu Jan 04, 2018 4:21 pm

Hi All

I have my Windows OpenVPN client (2.4.4) working well using Cryptoapicert and the Windows Certificate Store. That being said, I'm unhappy about having to store my CA certificate as a file on the client. I would much prefer the client look in the Trusted Certification Authorities container with the Certificate Store to see if it's certificate is signed by a trusted authority. As it is, I need to add CA {path to my ca certificate} in the config file.

Is there any way to do this and remove the CA option in the config file and just have everything in the Windows Certificate Store?

Thanks
J

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5635
Joined: Fri Jun 03, 2016 1:17 pm

Re: Cryptoapicert without using a CA file

Post by TinCanTech » Thu Jan 04, 2018 8:05 pm

OpenVPN requires that the CA be kept as a file and that either --ca or --capath is used.

I can't see a reason why .. other than it is not important enough for a developer to do it.

Post Reply