My goal is to have the OpenVPN client on Windows workstations use certificates that are stored in the certificate store. I have tried to install them into the personal store, but it is not working.
Is there any way to use OpenVPN with certificates in the personal certificate store? We see keeping personal and CA certificates in one folder as a security issue, and we want to secure it this way.
I did a quick test and it works for me with the client certificate in the personal store. All it needed was to replace the “cert” and “key” options in the config file with the “cryptoapicert” option and proper identification of the certificate.
The only problem I see is how to also replace the “ca” option and use the CA certificate from the certificate store too; so far I don’t see any option for that.
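The config change described in this reply, as an added example that is not part of the original thread: a Python helper that replaces file-based `cert`/`key`/`pkcs12` directives (and inline blocks) with a `cryptoapicert "THUMB:..."` line and leaves `ca` pointing at a file. The function name, sample config, host name and thumbprint are constructed for illustration.

```python
import re

# Directives that point OpenVPN at client key material kept in files.
FILE_KEY_DIRECTIVES = {"cert", "key", "pkcs12"}

# Constructed sample config and SHA-1 thumbprint, for illustration only.
SAMPLE = "client\nremote vpn.example.com 1194\nca ca.crt\ncert client.crt\nkey client.key\n"
SAMPLE_THUMB = "00112233445566778899AABBCCDDEEFF00112233"

def use_cert_store(config_text, thumbprint):
    """Return the config with the client cert/key taken from the Windows store.

    The `ca` directive is kept as-is: per the thread, the CA certificate
    still has to be supplied from a file.
    """
    digits = re.sub(r"[\s:]", "", thumbprint).lower()
    # Rejects truncated values and stray characters picked up when copying
    # the thumbprint out of a certificate dialog.
    if not re.fullmatch(r"[0-9a-f]{40}", digits):
        raise ValueError("expected a 40-hex-digit SHA-1 thumbprint")
    spaced = " ".join(digits[i:i + 2] for i in range(0, 40, 2))

    out, skip_until, inserted = [], None, False
    for line in config_text.splitlines():
        stripped = line.strip()
        if skip_until:                  # inside an inline <cert>/<key>/<pkcs12> block
            if stripped == skip_until:
                skip_until = None
            continue
        words = stripped.split()
        name = words[0] if words else ""
        inline = name[1:-1] if name.startswith("<") and name.endswith(">") else None
        if inline in FILE_KEY_DIRECTIVES:
            skip_until = f"</{inline}>"  # drop the embedded key material too
        elif name not in FILE_KEY_DIRECTIVES:
            out.append(line)             # unrelated directive (including `ca`): keep
            continue
        if not inserted:                 # one cryptoapicert line replaces them all
            out.append(f'cryptoapicert "THUMB:{spaced}"')
            inserted = True
    if not inserted:
        raise ValueError("no cert/key/pkcs12 directive found to replace")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(use_cert_store(SAMPLE, SAMPLE_THUMB), end="")
```

After converting a config this way, the `.crt`, `.key` or `.p12` files it used to reference are no longer read by the client.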
Adrian, yes, it is not a RouterOS topic, but I also became interested, so thank you.
In your reply, do you mean that you installed the personal cert in the certification store, but the CA is still in a file and you pointed to that file in the ovpn config?
Yes. I don’t know what to do about the CA. I found the “cryptoapica” option, which was part of the original patch when support for the certificate store was added, but it looks like it was lost on the way, because it’s not in current OpenVPN. I didn’t find any replacement, but there should be something; it wouldn’t make much sense to support the certificate store only for the client certificate and not for the CA certificate.
Yes, I tried to install it into the personal certificate store on Windows, so the user will not be prompted to input the password for the certificate (a p12 certificate from the EJBCA certification authority).
But it fails, so I will try it with those two parameters which are mentioned above and will let you know about the results.