silent installation of tap driver certificates under windows

Instructions and tips on how to roll your own client installer.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
alibaba123
OpenVpn Newbie
Posts: 2
Joined: Tue Mar 19, 2019 9:51 am

silent installation of tap driver certificates under windows

Post by alibaba123 » Tue Mar 19, 2019 10:37 am

The silent installation of the OpenVPN client for Windows installs the TAP driver too.
But the TAP driver installation comes up with a window and ask me to trust OpenVPN.

If you want solve the problem, you have to install OpenVPN manually first.
After your manual installation, the windows system has three OpenVPN
certificates in the cert store of Windows.

1st step
----------
Start the program certmgr.msc to see the certificates. You find the OpenVPN certificates on
  • Intermediate Certification Authorities
    Truestd Publishers
    Trusted Publishers

or if you have a german windows installation on
  • Zwischenzertifizierungsstellen
    Vertrauenswürdige Herausgeber
    Vertrauenswürdige Herausgeber
Export the three certificates to three different files.
I have made these files:
  • tapdriver_CA.cer
    tapdriver_TrustedPublisher_1.cer
    tapdriver_TrustedPublisher_2.cer
Exit the program certmgr.msc if yiu have made these thress files too.

2nd step
----------
Make a list of all certificate to find out the cert store names for
  • Intermediate Certification Authorities (Zwischenzertifizierungsstellen)
    Truestd Publishers (Zwischenzertifizierungsstellen)
You need the internal windows store names to import the certificates later.
Use this powershell command to make a list
  • Get-ChildItem -Recurse Cert: > c:\list.txt
You will find the following names in the file c:\list.txt
  • CA for Intermediate Certification Authorities (Zwischenzertifizierungsstellen)
    TrustedPublisher for Truestd Publishers (Vertrauenswürdige Herausgeber)
3th step
----------
My silent setup script for the OpenVPN client for Windows
has finally four commands:
  • certutil -addstore CA tapdriver_CA.cer
    certutil -addstore TrustedPublisher tapdriver_TrustedPublisher_1.cer
    certutil -addstore TrustedPublisher tapdriver_TrustedPublisher_2.cer
    set P1=openvpn-install-2.4.7-I603.exe
    set P2=/SELECT_SHORTCUTS=1
    set P3=/SELECT_OPENVPN=1
    set P4=/SELECT_SERVICE=1
    set P5=/SELECT_TAP=1
    set P6=/SELECT_ASSOCIATIONS=1
    set P7=/SELECT_OPENSSL_UTILITIES=0
    set P8=/SELECT_EASYRSA=1
    set P9=/S
    set CMD=start /wait %P1% %P2% %P3% %P4% %P5% %P6% %P7% %P8% %P9%
    %CMD%

it@nextmaritime.com
OpenVpn Newbie
Posts: 3
Joined: Fri May 10, 2019 9:52 am

Re: silent installation of tap driver certificates under windows

Post by it@nextmaritime.com » Fri May 10, 2019 10:00 am

Hi Team,

I am playing arround with the silent options and all works fine.... except for "Launch OpenVPN GUI on User Logon" option.

I need to disable this option at install script but couldn't find any parameter to change it.. is enable by default.

There is any parameter to accomplish that?

Many thanks!

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: silent installation of tap driver certificates under windows

Post by TinCanTech » Fri May 10, 2019 5:28 pm

As above but include:

Code: Select all

/SELECT_LAUNCH=0

it@nextmaritime.com
OpenVpn Newbie
Posts: 3
Joined: Fri May 10, 2019 9:52 am

Re: silent installation of tap driver certificates under windows

Post by it@nextmaritime.com » Tue May 14, 2019 1:43 pm

Many thanks!!!!

Why there isn't any documentation about this parameters?

Can you post the whole parameters list?

mplima
OpenVpn Newbie
Posts: 1
Joined: Mon Dec 09, 2019 3:58 pm

Re: silent installation of tap driver certificates under windows

Post by mplima » Mon Dec 09, 2019 4:17 pm

Hello there ;)

i was trying to build a silent OpenVPN installer package for Windows 7, based on this post, but i could not find the certificates mentioned here.
The only "OpenVPN Inc" cert was in:
"Truestd Publishers"
It is signed by "DigiCert EV", but the "DigiCert EV" certificate in:
"Intermediate Certification Authorities"
did not work.
Also i couldn't find the third "OpenVPN Inc" certificate, mentioned here.

Did i miss something or did this behavior change since this post?

Looking forward to get the missing piece here ;)

Post Reply