OpenVPN - Storage of Certificates

Wouldn't allow me to edit & update for some reason:

**EDIT**
See attached screenshot of one of my OpenVPN connections.

For the CA, Client and Key cert's, I pointed them to a file located on my hard disk. So does this config still reference that file? Or is it contained in the configuration of this VPN entry? Looking at the xml it seems to be encrypted and contain vast amounts of data, so I'd assumed it is stored in the config itself. But wanting to verify.

If they do reference the actual files from storage, then is it possible to have all of this embedded?

I did try to include them in the 'Additional Paramters' section, similiar to another connection I imported, like so:

<ca>
----- begin blah -----
blah
blah
blah
blah
----- end blah -----
</ca>
<client>
----- begin blah -----
blah
blah
blah
blah
----- end blah -----
</client>
<key>
----- begin blah -----
blah
blah
blah
blah
----- end blah -----
</key>


However on this particular connection when I did that, it started to complain about them. And what I noticed is that when I exported that config to a file it would have those certs all spaced out like so:

<ca>
----- begin blah -----

blah

blah

blah

blah

----- end blah -----
</ca>
<client>
----- begin blah -----

blah

blah

blah

blah

----- end blah -----
</client>
<key>
----- begin blah -----

blah

blah

blah

blah

----- end blah -----
</key>


I tested this with my other connection that stored them in this manner and the export looked normal, with out all the extra lines. Maybe order matters? Can someone shed some light?

HB

Hello Hector,

When selecting a certificate in OpenVPN entry, RDM imports the files. So yes certificates are embedded and usable by other users.

When you add CA Certificate, RDM adds automatically the line
ca "CA_Certificate_Name.crt"

And it is the same process for Client Certificate, Client Key and TLS key.

Regarding the Export button which adds empty lines in the .ovpn file, I was able to reproduce the issue.

This occurs when you click Additional Parameters and you edit the file from there. As soon as you export it, empty lines are added.

As a workaround I urge you to edit the .ovpn file directly instead of using the Additional Parameters to edit the file.

A ticket will be created with the engineering department and we will inform you when the issue is solved.

Best regards,

Hey David,

I did a lot of fiddling around with a ton of different VPNs that day, so I may be mixing the details of what I did, but I remember trying these sorts of things:

Took the .OVPN file and made sure it worked in a standalone fashion FIRST separate from RDM and just in OpenVPN (this was with the embedded certs). Then I used the import function in the RDM OpenVPN session/entry, saved and tried it out, at that point is when I saw the certificate errors I mentioned previously. When I did the export, I hadn't actually edited it directly from the 'Additional Parameters' editor, I just exported it as is after it had been imported, and that's when I saw the extra lines. which led me to believe it was importing those certs with those extra lines. I compared my new line characters to that of the file that I new that worked and there was NO difference.

I'll reply when I re-verify the above, but I'm pretty sure that was how it all happened.

Now I did get it to work using your method of the 'ca "cert.crt"' method, but what I noticed is if I went back to the folder where they were added from and then removed/renamed them, the connection would no longer work. However I don't remember if I had those import lines inside the .OVPN file prior to me importing, OR if I just used the properties for each of those certs and navigated folder explorer to their location. SO I will retest that as well.

HB

Hi Hector,

If you edit the file directly from his location
%localappdata%\Devolutions\RemoteDesktopManager\OpenVPN

That could cause issues, because the "real" data are stored in the database. If I explain, when you create an entry in Remote Desktop Manager, every information including certificates are saved in the database. Then when you execute Openvpn's entry, RDM will create the folder and the certificate related.

If you need to edit information using the files, it might cause issue and other users won't have the same information as you. It's preferable to use RDM for every modification.

Please inform me what will be the results of your new test.

Regards,

@David,

I haven't re-tested anything yet, haven't had time yet, however the files I "removed" were in the original location they were stored, of the VPN program, so nothing in RDM's directory.

HB