Cryptoapicert without using a CA file

Scripts to manage certificates or generate config files
Post Reply
OpenVpn Newbie
Posts: 2
Joined: Thu Jan 04, 2018 4:11 pm

Cryptoapicert without using a CA file

Post by jasong » Thu Jan 04, 2018 4:21 pm

Hi All

I have my Windows OpenVPN client (2.4.4) working well using Cryptoapicert and the Windows Certificate Store. That being said, I'm unhappy about having to store my CA certificate as a file on the client. I would much prefer the client look in the Trusted Certification Authorities container with the Certificate Store to see if it's certificate is signed by a trusted authority. As it is, I need to add CA {path to my ca certificate} in the config file.

Is there any way to do this and remove the CA option in the config file and just have everything in the Windows Certificate Store?


User avatar
OpenVPN Protagonist
Posts: 5635
Joined: Fri Jun 03, 2016 1:17 pm

Re: Cryptoapicert without using a CA file

Post by TinCanTech » Thu Jan 04, 2018 8:05 pm

OpenVPN requires that the CA be kept as a file and that either --ca or --capath is used.

I can't see a reason why .. other than it is not important enough for a developer to do it.

Post Reply