ClearOS Bug Tracker


View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0017381ClearOSapp-openvpn - OpenVPNpublic2017-10-05 11:542019-02-22 23:34
Reporterdloper 
Assigned Todloper 
PrioritylowSeverityfeatureReproducibilityalways
StatusclosedResolutionsuspended 
PlatformOSOS Version
Product Version7.4.0 
Target VersionFixed in Version 
Summary0017381: Add certificate, key, and ca to ovpn file.
DescriptionSupport has been added to allow the certificate, key, and ca file.

Steps To ReproduceSyntax looks like this:

dev tun
port 1194
proto udp
remote hostname.example.com
nobind
comp-lzo
persist-key
persist-tun
verb 3

<ca>
-----BEGIN CERTIFICATE-----
MIIELTCCAxWgAwIBAgIJAN+eFXd7HL1cMA0GCSqGSIb3DQEBCwUAMIGsMQswCQYD
VQQGEwJVUzERMA8GA1UEBwwIQW55d2hlcmUxEDAOBgNVBAoMB0NsZWFyT1MxCzAJ
...
e3aNlRz4eT+SQPRhNbFqDZ0Davwc73fLpu1goXcPW+n5mgj+SNSOQyDa49Ir6VPe
txydcSsvi+eKBwav4qx1pDA=
-----END CERTIFICATE-----

</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIID7jCCAtagAwIBAgIDIAAEMA0GCSqGSIb3DQEBCwUAMIGsMQswCQYDVQQGEwJV
UzERMA8GA1UEBwwIQW55d2hlcmUxEDAOBgNVBAoMB0NsZWFyT1MxCzAJBgNVBAsM
...
4w3XOapECrNS7VRMufH3e8F8hznjp1vTNP1LPzhEBsqUjDn19CHgKMHi6FPZKM67
Ins=
-----END CERTIFICATE-----

</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDia4o44AzPaYOU
/qK57MqG6bOMT1Llm/FW4axzPh/N9cEnV/B7gvZw7eXwh/FREB/VdJo+FSLSJD9H
...
OMW5kQLBkfJfVgco2bwzlGvsHOOF7lF464Ud/sVsSo06XK4iL36+FrUHMKShnbWG
JQgqwLz2QLYqw+W3v9sEdC+7
-----END PRIVATE KEY-----

</key>
Additional InformationI found this script useful to convert the certificate, key, and ca to the proper format:

https://gist.github.com/mertdumenci/9768597 [^]
TagsNo tags attached.
Attached Files

- Relationships
related to 0022801closeddloper Rename the ca-cert.pem file when downloaded for a client 

-  Notes
(0006601)
NickH (developer)
2017-10-06 07:21

This method works well and is much easier for loading profiles into iOS devices as they can be loaded straight from e-mails rather than using iTunes to load the files. It does, however, not allow to use the keychain for certificates, but it is probably no more "risky" than the current method which also does not use keychains.
(0009071)
dloper (administrator)
2019-02-22 23:34

Migrated to: https://gitlab.com/clearos/clearfoundation/app-openvpn/issues/2 [^]

- Issue History
Date Modified Username Field Change
2017-10-05 11:54 dloper New Issue
2017-10-06 07:21 NickH Note Added: 0006601
2017-11-08 07:52 user2 Status new => acknowledged
2018-02-12 10:06 user2 Target Version 7.4.0 Updates =>
2019-01-22 07:32 NickH Relationship added related to 0022801
2019-02-22 23:34 dloper Note Added: 0009071
2019-02-22 23:34 dloper Status acknowledged => closed
2019-02-22 23:34 dloper Assigned To => dloper
2019-02-22 23:34 dloper Resolution open => suspended