OpenVPN Manager and Windows Certstore



  • Hello,

    when using the client export utility and selecting to:

    • store the certificates in the Microsoft cert store
    • add the OpenVPN Manager to the installation bundle

    the certificate is imported into the wrong cert store.

    The installation imports the p12 file into the cert store of the user but, as the OpenVPN service runs as local system, it needs to be imported into the computer's cert store.

    Looking into it, I figured out that the cert actually is imported via the rundll32 option which is available on any Windows version but doesn't allow to import the cert to the computer's cert store.

    To make it work, and to also import the certificate without prompting the user AND marking the key unexportable without giving the user the chance to change that (might be wanted/needed sometimes) the process would need to switch to the "certutil.exe" utility.

    I'd be happy to provide the necessary patches and test the new process if the change would be accepted. I'd also be happy to implement the new process so that it either does a fallback to the old import system if the new one isn't available and/or prompt the user with a message that he has to import the certificate to the computer's cert store on its own.

    Let me know if and what you want todo or if you have any questions.

    Either way, if anything is unclear, feel free to contact me.

    KR,

    G.


Log in to reply