Community discussions

MikroTik App
 
bardossyAdrian
just joined
Topic Author
Posts: 10
Joined: Mon Jan 08, 2018 2:33 pm

Using OVPN with MS certificate store

Tue Sep 04, 2018 10:36 am

Hello,

my name is Adrian and I need your help.

My goal is to achieve usage of openvpn client on windows workstations to use certificates, which are stored in certificate store. I have tried to install them to personal store, but it is not working.

Is there any way to achieve this to use openvpn with certificates in personal certificate store? We see it, that using personal and CA certificates in one folder is a security issue and we want to secure it this way.

Thank you,

Regards,

Adrian Bardossy
 
Sob
Forum Guru
Forum Guru
Posts: 5491
Joined: Mon Apr 20, 2009 9:11 pm

Re: Using OVPN with MS certificate store

Tue Sep 04, 2018 8:40 pm

I did quick test and it works for me with client certfificate in personal store. All it needed was to replace "cert" and "key" options in config file with "cryptoapicert" option and proper identification of certificate.

Only problem I see is how to replace also "ca" option and use CA certificate from certificate store too, so far I don't see any option for that.

Also, it's not really RouterOS question.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
 
ros44
newbie
Posts: 40
Joined: Sun Feb 25, 2018 2:05 am
Location: Sofia, Bulgaria

Re: Using OVPN with MS certificate store

Thu Sep 06, 2018 11:40 am

Adrian , yes, it is not a RouterOS topic, but I also became interested so thank you.

In your reply, do you mean that you installed a the personal cert in the certification store, but the CA is still in a file and you pointed that file in the ovpn config?
Every moment something magical is happening!
 
Sob
Forum Guru
Forum Guru
Posts: 5491
Joined: Mon Apr 20, 2009 9:11 pm

Re: Using OVPN with MS certificate store

Thu Sep 06, 2018 1:49 pm

Yes. I don't know what to do about CA. I found "cryptoapica" option, which was part of original patch when support for certificate store was added, but it looks like it was lost on the way, because it's not in current OpenVPN. I didn't find any replacement, but there should be something, it wouldn't make much sense to support certificate store only for client certificate and not for CA certificate.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.
 
bardossyAdrian
just joined
Topic Author
Posts: 10
Joined: Mon Jan 08, 2018 2:33 pm

Re: Using OVPN with MS certificate store

Mon Dec 03, 2018 3:07 pm

Hi all,

yes I tried to install it into personal certificate store on Windows, so user will not be prompted to input the password from the certificate (p12 certificate from EJBCA certification authority).

But it fails, so I will try it with those two parameters which are mentioned above and will let you know about the results.

Best regards,
Adrian

Who is online

Users browsing this forum: Google Feedfetcher, shiyiqiang08, vecernik87 and 133 guests