Security Advisory

Digital Signature Expiration on OpenVPN Connect Installers

Our OpenVPN Connect v2 and v3 client software for macOS is signed using our official digital signature. The signatures of signed installers are also stored on Apple's servers using their software notarizing solution. Signing and notarizing our software ensures that the program you download from our website or our business products is intact and valid for installation on your system. This is beneficial to the security of our software and your systems.

The digital signature used on our OpenVPN Connect v2 and v3 client software for macOS will expire on October 26, 2020. After this date a particular check on the digital signature might fail. We have updated our client software with a new digital signature that will be valid until September 2025. 

Please note that already installed software is not affected by this. That will continue to function normally. It is only new installations that might get a warning message during the installation process about the certificate being invalid because it has expired. 

We have updated our client software on our website and on our CloudConnexa product. These versions of OpenVPN Connect have been updated with the new signature:

  • OpenVPN Connect v3.2.4.2392 and above
  • OpenVPN Connect v2.7.1.111 and above
  • OpenVPN Access Server bundled Clients Package v14 and above

On OpenVPN Access Server, the administrator of the server will have to update the Bundled Clients Package (openvpn-as-bundled-clients) to v14 or higher to ensure that the newly signed OpenVPN Connect v2 and v3 software installers can be offered to your users on your Access Server.

Instructions to update the bundled clients package on your Access Server are below. If you have any questions, please contact our support team for more information.

To update on Ubuntu/Debian systems:

sudo apt update && apt upgrade openvpn-as-bundled-clients

To update on CentOS/Red Hat systems:

sudo yum update openvpn-as-bundled-clients