Opened 12 years ago

Closed 11 years ago

#211 closed Bug / Defect (fixed)

OpenVPN Windows TAP driver certificate expired

Reported by: ert Owned by:
Priority: major Milestone:
Component: Generic / unclassified Version: OpenVPN 2.2.2 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:


In the currently distributed installation packages, the certificate that ships with the TAP drivers expired on 2012/04/14.
Therefore I cannot add it to the trust store as it's invalid now.
Please sign the driver with an up-to-date certificate.

Change History (4)

comment:1 Changed 12 years ago by alonbl

Which package?
The release?
You should not install production certificate in your store.
Executable is valid even after signing using timestamp service.
Or you mean the tap is not timedstamped...?

comment:2 Changed 12 years ago by ert


Sorry that I haven't been clear enaough, I thought that "Version 2.2.2" should be enough information.
I tried the following packages:

Both are affected.
How to reproduce:

  • unpack the tap-drivers from the executable, i.e. with 7zip.
  • Doubleclick on the
  • In the "Security Catalog" dialog appearing click on "View Signature" in "General" tab
  • Click on "View Certificate" on the "General" tab
  • Check validity date of certificate.

Now for the reason why the validity date maybe matters:
My aim is to be able to install OpenVPN silently without the annoying dialog
that keeps asking the user whether he trusts OpenVPN Inc. or not, which is
blocking the installation process.
I found this solution, which states that the annoying dialog should vanish
if you add the certificate to the Trusted Store:

Now I tried that solution, but I still keep getting the annoying message.
So I checked the certificate in the Trusted Store and saw that it is marked
invalid there, as it expired in April.
I thought that this may be the reason why the solution is not working.

Of course, I'm open for other silent install solutions.
The system where I tried this was Windows 7 64bit.

comment:3 Changed 12 years ago by ert

The new driver offered in contained a new certificate which I was able to install without a problem.
So you can consider this as fixed now, thanks.

comment:4 Changed 11 years ago by Samuli Seppänen

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.