Opened 7 years ago

Last modified 3 months ago

#466 assigned Bug / Defect

OpenVPN Connect client does not use SCEP provisioned user identity certificate from keychain

Reported by: hansooloo Owned by: OpenVPN Inc.
Priority: major Milestone:
Component: OpenVPN Connect Version: 1.0.2
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:


Working on an automatic provisioning process to ensure user's accounts are configured properly.


  1. User should not be prompted for any username, password.
  2. User should not be prompted to select a certificate.
  3. User should be able to simply select the service profile in OpenVPN client and click ON to connect to the service.


  1. User goes to a page where there is a link to start iOS specific SCEP process (based on Apple guidelines).
  2. Device receives request to enroll, generate key pair and send CSR to server.
  3. Server signs cert, send back to client. This will be used for 1. OpenVPN connections. Let’s say, CN=“user1”.
  4. Page sends a provisioning profile that includes OpenVPN config (

Observed Behavior:
When user opens the OpenVPN Connect app, the client certificate is NOT automatically selected.

Expected Behavior:
I’d like the client to respect the PayloadCertificateUUID key in the provisioning profile linked above to auto-select the certificate.

Additional Information:
I can make the iOS native IPsec client to auto-select the certificate using the above mentioned PayloadCertificateUUID method. I just cannot seem to accomplish this on OpenVPN.

Change History (3)

comment:1 Changed 6 years ago by Samuli Seppänen

Owner: set to jamesyonan
Status: newassigned

comment:2 Changed 4 years ago by Antonio

Owner: changed from jamesyonan to Antonio

comment:3 Changed 3 months ago by Antonio

Owner: changed from Antonio to OpenVPN Inc.
Note: See TracTickets for help on using tickets.