Hello,

The new limited service account doesn't have access to the Windows
certificate store:

2025-09-10 17:59:04 DEPRECATED: --persist-key option ignored. Keys are now always persisted across restarts.
2025-09-10 17:59:04 WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
2025-09-10 17:59:04 WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
2025-09-10 17:59:04 OpenVPN 2.7_beta1 [git:v2.7_beta1/1e7b9a0fb021f0a6] Windows [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Sep 5 2025
2025-09-10 17:59:04 Windows version: 10.0.22631,amd64
2025-09-10 17:59:04 library versions: OpenSSL 3.5.2 5 Aug 2025, LZO 2.10
2025-09-10 17:59:04 DCO version: 2.7.1
2025-09-10 17:59:04 Error in cryptoapicert: failed to acquire key. Key not present or is in a legacy token not supported by Windows CNG API: Le jeu de clés n’existe pas. (errno=-2146893802)
2025-09-10 17:59:04 Cannot load certificate "TMPL:[redacted]" from Microsoft Certificate Store
2025-09-10 17:59:04 Exiting due to fatal error

This will be a regression to all environments with a config-auto
using a certificate stored in Cert:\LocalMachine.

If I manually add the permission to the private key to NT
Service\OpenVPNService from this procedure:
https://www.codyhosterman.com/2019/06/assigning-read-access-to-windows-private-key/,
the connection works again.

Hope there will be a fix to preserve these environments.

Regards,
Louis
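
The manual workaround described in the message above, sketched in PowerShell as an added example (not part of the original message and not OpenVPN project code). It assumes an RSA key stored on disk for a certificate in Cert:\LocalMachine\My; the thumbprint is a placeholder, and the account name is the service account the message names.

```powershell
# Added example: grant the OpenVPN service account read-only access to the
# private key of a machine certificate. Run from an elevated prompt.
$Thumbprint = '<CERT-THUMBPRINT-PLACEHOLDER>'   # placeholder, not from the message
$Account    = 'NT SERVICE\OpenVPNService'       # service account named in the message

$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "Certificate $Thumbprint not found in Cert:\LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw 'Certificate has no associated private key' }

# Assumption: RSA key. Resolve the on-disk key file name for CNG or legacy CAPI storage.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $keyFile = $rsa.Key.UniqueName
} elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
    $keyFile = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
} else {
    throw "Unsupported key type: $($rsa.GetType().FullName)"
}

# Machine keys are stored in one of these directories (CNG first, then CAPI).
$keyPath = @(
    "$env:ProgramData\Microsoft\Crypto\Keys",
    "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys"
) | ForEach-Object { Join-Path $_ $keyFile } |
    Where-Object { Test-Path -LiteralPath $_ } |
    Select-Object -First 1
if (-not $keyPath) { throw "Key file '$keyFile' not found on disk (TPM or smart card key?)" }

# Add a Read-only allow rule; the service needs to use the key, not manage it.
$acl  = Get-Acl -LiteralPath $keyPath
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $keyPath -AclObject $acl

# Show the resulting entry for the service account so the change can be reviewed.
(Get-Acl -LiteralPath $keyPath).Access |
    Where-Object { $_.IdentityReference.Value -eq $Account } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType
```

Granting only Read keeps the service account from changing the key's ACL or deleting the key file.
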