Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    OpenVPN Manager and Windows Certstore

    OpenVPN
    1
    1
    507
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Grimeton
      Grimeton last edited by

      Hello,

      when using the client export utility and selecting to:

      • store the certificates in the Microsoft cert store
      • add the OpenVPN Manager to the installation bundle

      the certificate is imported into the wrong cert store.

      The installation imports the p12 file into the cert store of the user but, as the OpenVPN service runs as local system, it needs to be imported into the computer's cert store.

      Looking into it, I figured out that the cert actually is imported via the rundll32 option which is available on any Windows version but doesn't allow to import the cert to the computer's cert store.

      To make it work, and to also import the certificate without prompting the user AND marking the key unexportable without giving the user the chance to change that (might be wanted/needed sometimes) the process would need to switch to the "certutil.exe" utility.

      I'd be happy to provide the necessary patches and test the new process if the change would be accepted. I'd also be happy to implement the new process so that it either does a fallback to the old import system if the new one isn't available and/or prompt the user with a message that he has to import the certificate to the computer's cert store on its own.

      Let me know if and what you want todo or if you have any questions.

      Either way, if anything is unclear, feel free to contact me.

      KR,

      G.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post