OpenVPN Connect client does not use SCEP provisioned user identity certificate from keychain

[hansooloo]

Working on an automatic provisioning process to ensure user's accounts are configured properly.

Requirements:

1. User should not be prompted for any username, password.
2. User should not be prompted to select a certificate.
3. User should be able to simply select the service profile in OpenVPN client and click ON to connect to the service.

Flow:

1. User goes to a page where there is a link to start iOS specific SCEP process (based on Apple guidelines).
2. Device receives request to enroll, generate key pair and send CSR to server.
3. Server signs cert, send back to client. This will be used for 1. OpenVPN connections. Let’s say, CN=“user1”.
4. Page sends a provisioning profile that includes OpenVPN config (​https://gist.github.com/HanSooloo/e53cfa6541c9668a3f73).

Observed Behavior:
When user opens the OpenVPN Connect app, the client certificate is NOT automatically selected.

Expected Behavior:
I’d like the client to respect the PayloadCertificateUUID key in the provisioning profile linked above to auto-select the certificate.

Additional Information:
I can make the iOS native IPsec client to auto-select the certificate using the above mentioned PayloadCertificateUUID method. I just cannot seem to accomplish this on OpenVPN.

[Gert Döring]

OpenVPN Inc does not want to receive any feedback for the "Connect"
OpenVPN clients via the community bug trackers (here and in GH issues).

Please resubmit - if still relevant - via ​https://support.openvpn.net/