Is there a way to create a profile that will use the Windows certificate store?
Posted: Tue Aug 10, 2021 3:19 pm
As the title asks.
I am setting up a VPN remote access server using OpenVPN and am using client certificate + username and password authentication.
I am doing this with a pfSense router/firewall. It has a utility to export an 'Inline Configuration' which will import to an OpenVPN client and work perfectly fine. The 'inline' configuration file includes the necessary certificates, including the client certificate. It also includes the private key of the client certificate in plain text.
I don't think I have to explain here how serious of a security problem that is.
Is there a way to set an openvpn configuration profile to use a Windows 10 machine's certificate store instead of having the certificates embedded in the profile? This would need to work for both client certificates and server certificates. I have other infrastructure on hand I can use to securely deploy the client certificates as pfx/p12 files.
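Added example (not part of the original post, and not pfSense or OpenVPN project code): a small audit that reports whether an .ovpn profile carries its client private key inline in plaintext, as the post describes, or points at the Windows certificate store instead. It assumes OpenVPN's Windows-only `cryptoapicert` directive, which the post does not mention; the sample profiles, hostname and subject name are constructed.

```python
import re

# <tag> ... </tag> inline blocks, as used by exported "inline" .ovpn profiles.
INLINE_BLOCK = re.compile(r"<(?P<tag>[a-z0-9-]+)>(?P<body>.*?)</(?P=tag)>", re.S)

def key_is_encrypted(pem):
    """True if a PEM private key is passphrase-protected."""
    # PKCS#8 uses a dedicated label; legacy PEM marks it with a Proc-Type header.
    return "BEGIN ENCRYPTED PRIVATE KEY" in pem or "Proc-Type: 4,ENCRYPTED" in pem

def audit_profile(text):
    """Return a list of findings on where the client private key lives."""
    blocks = {m.group("tag"): m.group("body") for m in INLINE_BLOCK.finditer(text)}
    # Remove inline blocks first so PEM lines are not parsed as directives.
    directives = set()
    for line in INLINE_BLOCK.sub("", text).splitlines():
        line = line.strip()
        if line and not line.startswith(("#", ";")):
            directives.add(line.split()[0])
    findings = []
    if "key" in blocks:
        enc = key_is_encrypted(blocks["key"])
        findings.append("inline-key-encrypted" if enc else "inline-key-plaintext")
    if "key" in directives:  # key stored in a separate file next to the profile
        findings.append("key-file-on-disk")
    if "cryptoapicert" in directives:  # key stays in the Windows certificate store
        findings.append("windows-cert-store")
    return findings

# Constructed sample profiles; the PEM bodies are placeholders, not real keys.
INLINE_PROFILE = """client
remote vpn.example.test 1194
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
CONSTRUCTED
-----END CERTIFICATE-----
</ca>
<key>
-----BEGIN PRIVATE KEY-----
CONSTRUCTED
-----END PRIVATE KEY-----
</key>
"""
STORE_PROFILE = """client
remote vpn.example.test 1194
auth-user-pass
cryptoapicert "SUBJ:constructed-client-01"
"""
```

`audit_profile(INLINE_PROFILE)` flags the plaintext inline key, while `audit_profile(STORE_PROFILE)` reports only the certificate-store reference.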