0017381: Add certificate, key, and ca to ovpn file.
Migrated from: https://tracker.clearos.com/view.php?id=17381
Support has been added to allow the certificate, key, and ca file.
Syntax looks like this:
dev tun
port 1194
proto udp
remote hostname.example.com
nobind
comp-lzo
persist-key
persist-tun
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIELTCCAxWgAwIBAgIJAN+eFXd7HL1cMA0GCSqGSIb3DQEBCwUAMIGsMQswCQYD
VQQGEwJVUzERMA8GA1UEBwwIQW55d2hlcmUxEDAOBgNVBAoMB0NsZWFyT1MxCzAJ
...
e3aNlRz4eT+SQPRhNbFqDZ0Davwc73fLpu1goXcPW+n5mgj+SNSOQyDa49Ir6VPe
txydcSsvi+eKBwav4qx1pDA=
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIID7jCCAtagAwIBAgIDIAAEMA0GCSqGSIb3DQEBCwUAMIGsMQswCQYDVQQGEwJV
UzERMA8GA1UEBwwIQW55d2hlcmUxEDAOBgNVBAoMB0NsZWFyT1MxCzAJBgNVBAsM
...
4w3XOapECrNS7VRMufH3e8F8hznjp1vTNP1LPzhEBsqUjDn19CHgKMHi6FPZKM67
Ins=
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDia4o44AzPaYOU
/qK57MqG6bOMT1Llm/FW4axzPh/N9cEnV/B7gvZw7eXwh/FREB/VdJo+FSLSJD9H
...
OMW5kQLBkfJfVgco2bwzlGvsHOOF7lF464Ud/sVsSo06XK4iL36+FrUHMKShnbWG
JQgqwLz2QLYqw+W3v9sEdC+7
-----END PRIVATE KEY-----
</key>
Additional Information I found this script useful to convert the certificate, key, and ca to the proper format:
https://gist.github.com/mertdumenci/9768597 [^]
NHowitt: This method works well and is much easier for loading profiles into iOS devices as they can be loaded straight from e-mails rather than using iTunes to load the files. It does, however, not allow the use the keychain for certificates, but it is probably no more "risky" than the current method which also does not use keychains.
Edited by Nick