Opened 10 years ago

Closed 17 months ago

#466 closed Bug / Defect (wontfix)

OpenVPN Connect client does not use SCEP provisioned user identity certificate from keychain

Reported by: hansooloo Owned by: OpenVPN Inc.
Priority: major Milestone:
Component: OpenVPN Connect Version: 1.0.2
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:


Working on an automatic provisioning process to ensure user's accounts are configured properly.


  1. User should not be prompted for any username, password.
  2. User should not be prompted to select a certificate.
  3. User should be able to simply select the service profile in OpenVPN client and click ON to connect to the service.


  1. User goes to a page where there is a link to start iOS specific SCEP process (based on Apple guidelines).
  2. Device receives request to enroll, generate key pair and send CSR to server.
  3. Server signs cert, send back to client. This will be used for 1. OpenVPN connections. Let’s say, CN=“user1”.
  4. Page sends a provisioning profile that includes OpenVPN config (

Observed Behavior:
When user opens the OpenVPN Connect app, the client certificate is NOT automatically selected.

Expected Behavior:
I’d like the client to respect the PayloadCertificateUUID key in the provisioning profile linked above to auto-select the certificate.

Additional Information:
I can make the iOS native IPsec client to auto-select the certificate using the above mentioned PayloadCertificateUUID method. I just cannot seem to accomplish this on OpenVPN.

Change History (4)

comment:1 Changed 9 years ago by Samuli Seppänen

Owner: set to jamesyonan
Status: newassigned

comment:2 Changed 6 years ago by Antonio Quartulli

Owner: changed from jamesyonan to Antonio Quartulli

comment:3 Changed 3 years ago by Antonio Quartulli

Owner: changed from Antonio Quartulli to OpenVPN Inc.

comment:4 Changed 17 months ago by Gert Döring

Resolution: wontfix
Status: assignedclosed

OpenVPN Inc does not want to receive any feedback for the "Connect"
OpenVPN clients via the community bug trackers (here and in GH issues).

Please resubmit - if still relevant - via

Note: See TracTickets for help on using tickets.