pkcs12 and ca config parameters as CLI options

Scripts to manage certificates or generate config files
Post Reply
emrehan
OpenVpn Newbie
Posts: 7
Joined: Mon Apr 04, 2022 10:31 am

pkcs12 and ca config parameters as CLI options

Post by emrehan » Mon Apr 04, 2022 11:19 am

Hello everybody,

I'm using openvpn as client with two config files belove.

client1.conf

<pkcs12>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
</pkcs12>

or

client2.conf

<ca>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
</ca>


Openvpn version 2.4.11

I use all other option as CLI parameters. I want to use this two as CLI parameters too so I do not need to create config file at all.

I tried --ca --pkcs12 --cert parameters but VPN connection always failed but I can establish VPN with these 2 config file.

Is there any example for these 2 parameters?

Thanks in advance.

User avatar
TinCanTech
Forum Team
Posts: 10722
Joined: Fri Jun 03, 2016 1:17 pm

Re: pkcs12 and ca config parameters as CLI options

Post by TinCanTech » Mon Apr 04, 2022 1:43 pm

The parameter to a command line option like --ca is /path/to/filename.foo

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 660
Joined: Tue Feb 16, 2021 10:41 am

Re: pkcs12 and ca config parameters as CLI options

Post by openvpn_inc » Mon Apr 04, 2022 6:35 pm

Hi em,

I guess what you want is to do the whole thing in a command line, with none of --config nor --ca nor --cert as separate files? I don't think this is possible. You could perhaps try some bash(1) (or other script language) magic with creating special file descriptors.

You mentioned using two config files. If the goal is to consolidate those into one, sure, you can do that. No point in having inline sections in separate files, just concatenate them into newfile, and call them as:

Code: Select all

openvpn --config newfile
regards, rob0
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

emrehan
OpenVpn Newbie
Posts: 7
Joined: Mon Apr 04, 2022 10:31 am

Re: pkcs12 and ca config parameters as CLI options

Post by emrehan » Mon Apr 04, 2022 8:43 pm

Thanks for your answers,

I don't want to use --config file but I can use --ca or --cert or any other one. Currently I could use command line parameter all my configs but <pkcs12> and <ca>.

I use <pkcs12> parameter in config file, OR
I use <ca> parameter if I use smart card.

I actually need format of file which is used with --ca or --cert

User avatar
TinCanTech
Forum Team
Posts: 10722
Joined: Fri Jun 03, 2016 1:17 pm

Re: pkcs12 and ca config parameters as CLI options

Post by TinCanTech » Mon Apr 04, 2022 9:37 pm

emrehan wrote:
Mon Apr 04, 2022 8:43 pm
I actually need format of file which is used with --ca or --cert
PEM.

emrehan
OpenVpn Newbie
Posts: 7
Joined: Mon Apr 04, 2022 10:31 am

Re: pkcs12 and ca config parameters as CLI options

Post by emrehan » Tue Apr 05, 2022 9:01 am

Currently this one works
openvpn.exe --config conf1.ovpn
with this conf
conf1.ovpn

<pkcs12>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
</pkcs12>


But I want to use it as
openvpn.exe --pkcs12 conf1 OR
openvpn.exe --ca conf1 OR
openvpn.exe --key conf1 OR
openvpn.exe --cert conf1

I tried them all with this file
conf1

-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----


Results

--pkcs12 log file

Tue Apr 05 11:26:27 2022 MANAGEMENT: CMD 'hold off'
Tue Apr 05 11:26:27 2022 MANAGEMENT: CMD 'hold release'
OPENSSL_Uplink(7BF1A2F0,08): no OPENSSL_Applink


--ca log file

Options error: No client-side authentication method is specified. You must use either --cert/--key, --pkcs12, or --auth-user-pass


--key log file

Options error: You must define CA file (--ca) or CA path (--capath)


--cert log file

Options error: You must define CA file (--ca) or CA path (--capath)


all failed.

User avatar
TinCanTech
Forum Team
Posts: 10722
Joined: Fri Jun 03, 2016 1:17 pm

Re: pkcs12 and ca config parameters as CLI options

Post by TinCanTech » Tue Apr 05, 2022 12:03 pm

emrehan wrote:
Tue Apr 05, 2022 9:01 am
But I want
Doesn't work that way.

emrehan
OpenVpn Newbie
Posts: 7
Joined: Mon Apr 04, 2022 10:31 am

Re: pkcs12 and ca config parameters as CLI options

Post by emrehan » Tue Apr 05, 2022 3:04 pm

TinCanTech wrote:
Tue Apr 05, 2022 12:03 pm
emrehan wrote:
Tue Apr 05, 2022 9:01 am
But I want
Doesn't work that way.
Ok

emrehan
OpenVpn Newbie
Posts: 7
Joined: Mon Apr 04, 2022 10:31 am

Re: pkcs12 and ca config parameters as CLI options

Post by emrehan » Tue May 10, 2022 7:56 pm

Problem not solved.

User avatar
TinCanTech
Forum Team
Posts: 10722
Joined: Fri Jun 03, 2016 1:17 pm

Re: pkcs12 and ca config parameters as CLI options

Post by TinCanTech » Fri May 13, 2022 8:32 pm

Please read the howto.

Post Reply