Fullchain pfx (p12) is unusable

Official client software for OpenVPN Access Server and OpenVPN Cloud.

Post by badfiles » Mon Jan 03, 2022 12:22 pm

The 'pkcs12' option in the .ovpn config is ignored.

After adding and assigning the pfx to a connection, I see that
the CA bundled with the user cert/key in the pfx package is not usable. I get:
CA not defined

I have to extract the CA manually and add it to the .ovpn config (ca option).
After that I get:
EPKI error: External Certificate Signing Failed

Only after I extract the key, cert and CA from the PFX and use them in the .ovpn config (key, cert, ca text options),
thus, I believe, overriding the openvpn keychain,
can I successfully connect.

Did you even test PFX and PFX with bundled CA? They are obviously unusable.
Also a PFX package w/o password may not be inserted into the 'openvpn' keychain, so I have to encrypt the private key in the package, which should be optional.
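
The extraction step described in the post, as an added example that is not part of the original post or of OpenVPN's own tooling: it splits a PKCS#12 bundle into inline `<ca>`, `<cert>` and `<key>` blocks with the `openssl` CLI and refuses a bundle that carries no CA certificate. The function names and the `P12_PASS` environment variable are assumptions made for this sketch, and the sample bundles are constructed throwaway data.

```shell
#!/bin/sh
# Added example (not from the original post): split a PKCS#12 bundle into the
# inline <ca>/<cert>/<key> blocks of an .ovpn profile.

# Keep only the PEM objects, dropping the "Bag Attributes" text openssl emits.
pem_only() { sed -n '/^-----BEGIN /,/^-----END /p'; }

# p12_part <bundle> <selector options...>; the password is read from $P12_PASS
# (hypothetical variable name) so it never appears in the process list.
p12_part() {
    _bundle=$1; shift
    _out=$(openssl pkcs12 -in "$_bundle" -passin env:P12_PASS "$@" 2>/dev/null) || return 1
    printf '%s\n' "$_out" | pem_only
}

# p12_to_inline <bundle>: write the three inline blocks to stdout.
p12_to_inline() {
    ca=$(p12_part "$1" -cacerts -nokeys)   || { echo "cannot read $1" >&2; return 1; }
    cert=$(p12_part "$1" -clcerts -nokeys) || return 1
    key=$(p12_part "$1" -nocerts -nodes)   || return 1
    # A bundle without the CA chain would leave the profile with no CA at all.
    [ -n "$ca" ] || { echo "no CA certificate in $1" >&2; return 2; }
    [ -n "$cert" ] && [ -n "$key" ] || { echo "no client cert/key in $1" >&2; return 3; }
    printf '<ca>\n%s\n</ca>\n<cert>\n%s\n</cert>\n<key>\n%s\n</key>\n' "$ca" "$cert" "$key"
}

# Constructed test input: a throwaway CA and client, bundled with and without the CA.
make_sample_bundles() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Sample CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=sample-client" \
        -keyout "$d/c.key" -out "$d/c.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/c.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/c.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/c.key" -in "$d/c.crt" -certfile "$d/ca.crt" \
        -passout env:P12_PASS -out "$d/full.p12" &&
    openssl pkcs12 -export -inkey "$d/c.key" -in "$d/c.crt" \
        -passout env:P12_PASS -out "$d/noca.p12"
}

# Usage: P12_PASS=... sh p12_inline.sh client.p12 inline-blocks.txt
if [ "$#" -eq 2 ]; then
    umask 077            # the output holds an unencrypted private key
    p12_to_inline "$1" > "$2"
fi
```

The output file contains the private key in clear text, so it needs the same protection as the original bundle.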
