'pkcs12' option in .ovpn config is ignored,
After adding and assigning the pfx to a connection, I see that
CA bundled with user cert/key in pfx package is not usable, I get
CA not defined
I have to extract the CA manually and add it into .ovpn config (ca option)
After that I get
EPKI error: External Certificate Signing Failed
Only after I extract key, cert and CA from PFX and use them in .ovpn config (key, cert, ca text options),
thus I believe overriding openvpn keychain,
I can successfully connect.
Did you even test PFX and PFX with bundled CA, they are obviously unusable.
Also a PFX package w/o password may not be inserted into the 'openvpn' keychain, so I have to encrypt the private key in the package, which should be optional.
Fullchain pfx (p12) is unusable
-
- OpenVpn Newbie
- Posts: 1
- Joined: Mon Jan 03, 2022 11:35 am