Description: When downloading the OpenVPN Connect app from the Access Server Client Web UI:
You could see this warning:
And while trying to install the OpenVPN Connect app installer, you could see this Microsoft Defender SmartScreen warning:
Explanation: Microsoft SmartScreen warnings may display when downloading and installing OpenVPN Connect from your own Access Server. That is because when you download OpenVPN Connect from your Access Server, your Access Server adds a connection profile to the installer file itself. This action invalidates the digital signature. The digital signature is still there, but the file was altered after it was signed. In 2021, Microsoft released an update for Windows that changed how digital signature verification. Previously, we could bundle a connection profile after the signed data without an issue, but this now triggers a signature verification failure, resulting in the warning message.
Solution: You have any of the below options when you see this warning:
- Override the warning, install the OpenVPN Connect installer downloaded from the Access Server anyway and accept that a valid signature isn't possible (not due to our doing, but due to the way Microsoft now verifies digital signatures, it is out of our control).
- Download the OpenVPN Connect installer from our website here OpenVPN Connect for Windows. The installer there is properly signed and passes all tests but doesn't include a bundled profile. However, you can download the client profile (.ovpn file) from the Access Server Client Web UI or import it directly from the app by following the instructions here Download the Client Profile.
- Create an OpenVPN Connect installer from the Access Server command line interface (CLI). Follow the instructions here Create an OpenVPN Connect Installer to create an installer with a bundled profile and export that OpenVPN Connect installer via WinSCP or SCP. Windows performs signature checks on files downloaded from the internet. If you generate file via CLI and distribute it to Windows machines in some different way (USB mass storage device, Windows share, etc.) you can install the MSI package without warning.
If you have additional questions, please submit a ticket.
Comments
0 comments
Please sign in to leave a comment.