How to make the app work with profiles that lack a client certificate/key?
If you want to use an OpenVPN connection profile in OpenVPN Connect that connects to a server without a client certificate/key, you will need to add the following directive to your profile:
setenv CLIENT_CERT 0
This is necessary because the OpenVPN3 client library used in OpenVPN Connect assumes that a client and server certificate are used for verifying the identity of the client and the server in both directions. The client needs to be told not to expect a client key/certificate, because otherwise the client app can't know whether an external certificate/key pair should be obtained from the system certificate store, or whether the server actually doesn't require a client certificate/key (for example if the server is configured with the client-cert-not-required directive). The option is given as a "setenv" to avoid breaking other OpenVPN clients that might not recognize it.