Opened 12 years ago
Closed 11 years ago
#211 closed Bug / Defect (fixed)
OpenVPN Windows TAP driver certificate expired
| Reported by: | ert | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | Generic / unclassified | Version: | OpenVPN 2.2.2 (Community Ed) |
| Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
| Cc: |
Description
In the currently distributed installation packages, the certificate that ships with the TAP drivers expired on 2012/04/14.
Therefore I cannot add it to the trust store as it's invalid now.
Please sign the driver with an up-to-date certificate.
Change History (4)
comment:1 Changed 12 years ago by
comment:2 Changed 12 years ago by
Hi,
Sorry that I haven't been clear enaough, I thought that "Version 2.2.2" should be enough information.
I tried the following packages:
http://swupdate.openvpn.org/community/releases/openvpn-2.2.2-install.exe
http://swupdate.openvpn.org/community/releases/openvpn-2.3-alpha1-install.exe
Both are affected.
How to reproduce:
- unpack the tap-drivers from the executable, i.e. with 7zip.
- Doubleclick on the tap0901.cat
- In the "Security Catalog" dialog appearing click on "View Signature" in "General" tab
- Click on "View Certificate" on the "General" tab
- Check validity date of certificate.
Now for the reason why the validity date maybe matters:
My aim is to be able to install OpenVPN silently without the annoying dialog
that keeps asking the user whether he trusts OpenVPN Inc. or not, which is
blocking the installation process.
I found this solution, which states that the annoying dialog should vanish
if you add the certificate to the Trusted Store:
http://wpkg.org/openVPN
Now I tried that solution, but I still keep getting the annoying message.
So I checked the certificate in the Trusted Store and saw that it is marked
invalid there, as it expired in April.
I thought that this may be the reason why the solution is not working.
Of course, I'm open for other silent install solutions.
The system where I tried this was Windows 7 64bit.
comment:3 Changed 12 years ago by
The new driver offered in http://community.openvpn.net/openvpn/ticket/97#comment:9 contained a new certificate which I was able to install without a problem.
So you can consider this as fixed now, thanks.
comment:4 Changed 11 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Which package?
The release?
You should not install production certificate in your store.
Executable is valid even after signing using timestamp service.
Or you mean the tap is not timedstamped...?