id summary reporter owner description type status priority milestone component version severity resolution keywords cc 1431 Cryptoapicert stops working after 2.5.3 -> 2.5.4 upgrade (Windows 10) vartik "Hi, Since we've upgraded our Windows 10 OpenVPN clients to 2.5.4, an essential auth mechanism stopped working. It seems the 2.5.4 client can't load certificates from the MS certificate store. Both options for `cryptoapicert` don't work now (`SUBJ:` nor `THUMB:`) with MS cert store. I have a correct config file that works with both methods in OpenVPN GUI version 2.5.3, but neither work in 2.5.4 (on the same computer). After initiating a connection, we get this error. [[Image(https://user-images.githubusercontent.com/4114876/137141220-d13f1556-1005-46a0-a954-13a6c2dcdf32.png)]] Rolling back to 2.5.3 ""fixes"" the issue and VPN connects: This is how our config file looks like (generated by pfSense openvpn export plugin): {{{ dev tun persist-tun persist-key data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC data-ciphers-fallback AES-256-CBC auth SHA256 tls-client client resolv-retry infinite remote vpn.example.com 1197 udp4 setenv opt block-outside-dns lport 0 verify-x509-name ""Example Server"" name auth-user-pass ca vpn-UDP4-1197-username-ca.crt ### Using only 1 option at a time #cryptoapicert ""SUBJ:username, US, .... etc. "" cryptoapicert ""THUMB:047*******"" tls-crypt vpn-UDP4-1197-username-tls.key remote-cert-tls server explicit-exit-notify reneg-sec 36000 }}} " Bug / Defect closed critical release 2.5.4 Certificates OpenVPN 2.5.4 (Community Ed) Not set (select this one, unless your'e a OpenVPN developer) fixed vartik@…