OpenVPN Client Export Utility - Imported CA Certs don't work?

  • Hello,

    I am no longer able to export configurations from the GUI, but I had been successful at exporting a config file prior to the recent updates to the client export utility with my existing OVPN Server.  I recently updated to 2.0.2, and have updated the package a couple of times, and am now on 1.0.4.

    While my configuration used to show up, it no longer does.  I noticed in the GUI:

    NOTE: If you expect to see a certain client in the list but it is not there, it is usually due to a CA mismatch between the OpenVPN server instance and the client certificates found in the User Manager.

    So I assumed it was some kind of an issue with my certs, but I haven't modified them at all in the same time frame.  I then generated a new CA cert and cert for a new OVPN server, and started up another instance on another port, and that one does show up in the list, so it definitely seems related to my original CA cert.

    The CA I use was one I imported from elsewhere - is that the reason it doesn't work?  Again - it did work once upon a time, so I'm not sure why it stopped now.

    I can of course just replace my certificates, but then I'd need to push out all new configurations to my devices, which while admittedly is now easier than it used to be, is still a process I'd rather avoid if at all possible.

    Thanks in advance for any help or suggestions.


  • Hi,

    I'm having the same issue with a CA I imported from a previous openvpn setup.  Have you had any success getting this to work?


  • Rebel Alliance Developer Netgate

    When you imported the CA, did you also import the user certificates? Or just the CA?  If you imported the user certs, did you maybe import the certs first and the CA later?

    If you import the CA first, and then the certs, it should locate the proper CA and form an association and work with the client export package as expected.

    Though actually in the code it appears to find it either way (CA imported first or Certs imported first), so long as you import the CA and the user certificates.