ClearOS Bug Tracker


View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0017381ClearOSapp-openvpn - OpenVPNpublic2017-10-05 11:542017-11-08 07:52
Reporterdloper 
Assigned To 
PrioritylowSeverityfeatureReproducibilityalways
StatusacknowledgedResolutionopen 
PlatformOSOS Version
Product Version7.4.0 
Target Version7.4.0 UpdatesFixed in Version 
Summary0017381: Add certificate, key, and ca to ovpn file.
DescriptionSupport has been added to allow the certificate, key, and ca file.

Steps To ReproduceSyntax looks like this:

dev tun
port 1194
proto udp
remote hostname.example.com
nobind
comp-lzo
persist-key
persist-tun
verb 3

<ca>
-----BEGIN CERTIFICATE-----
MIIELTCCAxWgAwIBAgIJAN+eFXd7HL1cMA0GCSqGSIb3DQEBCwUAMIGsMQswCQYD
VQQGEwJVUzERMA8GA1UEBwwIQW55d2hlcmUxEDAOBgNVBAoMB0NsZWFyT1MxCzAJ
...
e3aNlRz4eT+SQPRhNbFqDZ0Davwc73fLpu1goXcPW+n5mgj+SNSOQyDa49Ir6VPe
txydcSsvi+eKBwav4qx1pDA=
-----END CERTIFICATE-----

</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIID7jCCAtagAwIBAgIDIAAEMA0GCSqGSIb3DQEBCwUAMIGsMQswCQYDVQQGEwJV
UzERMA8GA1UEBwwIQW55d2hlcmUxEDAOBgNVBAoMB0NsZWFyT1MxCzAJBgNVBAsM
...
4w3XOapECrNS7VRMufH3e8F8hznjp1vTNP1LPzhEBsqUjDn19CHgKMHi6FPZKM67
Ins=
-----END CERTIFICATE-----

</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDia4o44AzPaYOU
/qK57MqG6bOMT1Llm/FW4axzPh/N9cEnV/B7gvZw7eXwh/FREB/VdJo+FSLSJD9H
...
OMW5kQLBkfJfVgco2bwzlGvsHOOF7lF464Ud/sVsSo06XK4iL36+FrUHMKShnbWG
JQgqwLz2QLYqw+W3v9sEdC+7
-----END PRIVATE KEY-----

</key>
Additional InformationI found this script useful to convert the certificate, key, and ca to the proper format:

https://gist.github.com/mertdumenci/9768597 [^]
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0006601)
NickH (reporter)
2017-10-06 07:21

This method works well and is much easier for loading profiles into iOS devices as they can be loaded straight from e-mails rather than using iTunes to load the files. It does, however, not allow to use the keychain for certificates, but it is probably no more "risky" than the current method which also does not use keychains.

- Issue History
Date Modified Username Field Change
2017-10-05 11:54 dloper New Issue
2017-10-06 07:21 NickH Note Added: 0006601
2017-11-08 07:52 pbaldwin Status new => acknowledged