Opened 9 years ago

Closed 8 years ago

#211 closed Bug / Defect (fixed)

OpenVPN Windows TAP driver certificate expired

Reported by: ert Owned by:
Priority: major Milestone:
Component: Generic / unclassified Version: OpenVPN 2.2.2 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc:

Description

In the currently distributed installation packages, the certificate that ships with the TAP drivers expired on 2012/04/14.
Therefore I cannot add it to the trust store as it's invalid now.
Please sign the driver with an up-to-date certificate.

Change History (4)

comment:1 Changed 9 years ago by alonbl

Which package?
The release?
You should not install production certificate in your store.
Executable is valid even after signing using timestamp service.
Or you mean the tap is not timedstamped...?

comment:2 Changed 9 years ago by ert

Hi,

Sorry that I haven't been clear enaough, I thought that "Version 2.2.2" should be enough information.
I tried the following packages:

http://swupdate.openvpn.org/community/releases/openvpn-2.2.2-install.exe
http://swupdate.openvpn.org/community/releases/openvpn-2.3-alpha1-install.exe

Both are affected.
How to reproduce:

  • unpack the tap-drivers from the executable, i.e. with 7zip.
  • Doubleclick on the tap0901.cat
  • In the "Security Catalog" dialog appearing click on "View Signature" in "General" tab
  • Click on "View Certificate" on the "General" tab
  • Check validity date of certificate.

Now for the reason why the validity date maybe matters:
My aim is to be able to install OpenVPN silently without the annoying dialog
that keeps asking the user whether he trusts OpenVPN Inc. or not, which is
blocking the installation process.
I found this solution, which states that the annoying dialog should vanish
if you add the certificate to the Trusted Store:
http://wpkg.org/openVPN

Now I tried that solution, but I still keep getting the annoying message.
So I checked the certificate in the Trusted Store and saw that it is marked
invalid there, as it expired in April.
I thought that this may be the reason why the solution is not working.

Of course, I'm open for other silent install solutions.
The system where I tried this was Windows 7 64bit.

comment:3 Changed 8 years ago by ert

The new driver offered in http://community.openvpn.net/openvpn/ticket/97#comment:9 contained a new certificate which I was able to install without a problem.
So you can consider this as fixed now, thanks.

comment:4 Changed 8 years ago by Samuli Seppänen

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.