Scripts to manage certificates or generate config files
Moderators: TinCanTech , TinCanTech , TinCanTech , TinCanTech , TinCanTech , TinCanTech
emrehan
OpenVpn Newbie
Posts: 8 Joined: Mon Apr 04, 2022 10:31 am
Post
by emrehan » Mon Apr 04, 2022 11:19 am
Hello everybody,
I'm using openvpn as client with two config files belove.
View Original client1.conf
<pkcs12>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
</pkcs12>
or
View Original client2.conf
<ca>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
</ca>
Openvpn version 2.4.11
I use all other option as CLI parameters. I want to use this two as CLI parameters too so I do not need to create config file at all.
I tried
--ca --pkcs12 --cert parameters but VPN connection always failed but I can establish VPN with these 2 config file.
Is there any example for these 2 parameters?
Thanks in advance.
TinCanTech
OpenVPN Protagonist
Posts: 11138 Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Mon Apr 04, 2022 1:43 pm
The parameter to a command line option like --ca is /path/to/filename.foo
openvpn_inc
OpenVPN Inc.
Posts: 1332 Joined: Tue Feb 16, 2021 10:41 am
Post
by openvpn_inc » Mon Apr 04, 2022 6:35 pm
Hi em,
I guess what you want is to do the whole thing in a command line, with none of
--config nor
--ca nor
--cert as separate files? I don't think this is possible. You could perhaps try some
bash(1) (or other script language) magic with creating special file descriptors.
You mentioned using two config files. If the goal is to consolidate those into one, sure, you can do that. No point in having inline sections in separate files, just concatenate them into
newfile , and call them as:
regards, rob0
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
emrehan
OpenVpn Newbie
Posts: 8 Joined: Mon Apr 04, 2022 10:31 am
Post
by emrehan » Mon Apr 04, 2022 8:43 pm
Thanks for your answers,
I don't want to use --config file but I can use --ca or --cert or any other one. Currently I could use command line parameter all my configs but <pkcs12> and <ca>.
I use <pkcs12> parameter in config file, OR
I use <ca> parameter if I use smart card.
I actually need format of file which is used with --ca or --cert
TinCanTech
OpenVPN Protagonist
Posts: 11138 Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Mon Apr 04, 2022 9:37 pm
emrehan wrote: ↑ Mon Apr 04, 2022 8:43 pm
I actually need format of file which is used with --ca or --cert
PEM.
emrehan
OpenVpn Newbie
Posts: 8 Joined: Mon Apr 04, 2022 10:31 am
Post
by emrehan » Tue Apr 05, 2022 9:01 am
Currently this one works
openvpn.exe
--config conf1.ovpn
with this conf
View Original conf1.ovpn
<pkcs12>
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
</pkcs12>
But I want to use it as
openvpn.exe
--pkcs12 conf1 OR
openvpn.exe
--ca conf1 OR
openvpn.exe
--key conf1 OR
openvpn.exe
--cert conf1
I tried them all with this file
View Original conf1
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
Results
View Original --pkcs12 log file
Tue Apr 05 11:26:27 2022 MANAGEMENT: CMD 'hold off'
Tue Apr 05 11:26:27 2022 MANAGEMENT: CMD 'hold release'
OPENSSL_Uplink(7BF1A2F0,08): no OPENSSL_Applink
View Original --ca log file
Options error: No client-side authentication method is specified. You must use either --cert/--key, --pkcs12, or --auth-user-pass
View Original --key log file
Options error: You must define CA file (--ca) or CA path (--capath)
View Original --cert log file
Options error: You must define CA file (--ca) or CA path (--capath)
all failed.
TinCanTech
OpenVPN Protagonist
Posts: 11138 Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Tue Apr 05, 2022 12:03 pm
emrehan wrote: ↑ Tue Apr 05, 2022 9:01 am
But I want
Doesn't work that way.
emrehan
OpenVpn Newbie
Posts: 8 Joined: Mon Apr 04, 2022 10:31 am
Post
by emrehan » Tue Apr 05, 2022 3:04 pm
TinCanTech wrote: ↑ Tue Apr 05, 2022 12:03 pm
emrehan wrote: ↑ Tue Apr 05, 2022 9:01 am
But I want
Doesn't work that way.
Ok
emrehan
OpenVpn Newbie
Posts: 8 Joined: Mon Apr 04, 2022 10:31 am
Post
by emrehan » Tue May 10, 2022 7:56 pm
Problem not solved.
TinCanTech
OpenVPN Protagonist
Posts: 11138 Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Fri May 13, 2022 8:32 pm
Please read the howto.