Provisioning Profile example #1: embedded key and cert (no .p12 payload)

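It is also possible to create Provisioning Profiles that have no .p12 payload. In this case the key and cert have to be embedded in the VPN settings. Because the private key then sits unencrypted in the profile's VendorConfig, the profile file itself has to be protected like any other credential.
Please see the sample file below: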
 

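<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!--
  Sample configuration profile with a single com.apple.vpn.managed payload for
  the net.openvpn.connect.app VPN subtype. The CA certificate, the client
  certificate and the client private key are embedded in VendorConfig instead
  of being shipped as a separate .p12 payload. The PEM bodies (xxxxxxxxx) are
  placeholders.
-->
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>IPv4</key>
            <dict>
                <key>OverridePrimary</key>
                <integer>0</integer>
            </dict>
            <key>PayloadDescription</key>
            <string>Configures VPN settings</string>
            <key>PayloadDisplayName</key>
            <string>VPN</string>
            <key>PayloadIdentifier</key>
            <string>com.apple.vpn.managed.C69FB197-D553-4A78-B024-CBCCFD7F731F</string>
            <key>PayloadType</key>
            <string>com.apple.vpn.managed</string>
            <key>PayloadUUID</key>
            <string>C69FB197-D553-4A78-B024-CBCCFD7F731F</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>Proxies</key>
            <dict>
                <key>HTTPEnable</key>
                <integer>0</integer>
                <key>HTTPSEnable</key>
                <integer>0</integer>
            </dict>
            <key>UserDefinedName</key>
            <string>test client</string>
            <key>VPN</key>
            <dict>
                <key>AuthName</key>
                <string>DEFAULT</string>
                <!-- NOTE: important when not appending a .p12 payload -->
                <key>AuthenticationMethod</key>
                <string>Password</string>
                <key>RemoteAddress</key>
                <string>DEFAULT</string>
            </dict>
            <!-- NOTE: changed since v1.2.5 -->
            <key>VPNSubType</key>
            <string>net.openvpn.connect.app</string>
            <key>VPNType</key>
            <string>VPN</string>
            <!--
              VendorConfig carries the OpenVPN settings as key/value strings.
              NOARGS appears to be the placeholder for a directive that takes
              no argument (client), and the \n sequences stand for the line
              breaks of the PEM blocks.
              Not set in this sample: remote-cert-tls. Consider adding it with
              the value "server" so the client only accepts a certificate that
              was issued for server use.
            -->
            <key>VendorConfig</key>
            <dict>
                <key>ca</key>
                <string>-----BEGIN CERTIFICATE-----\nxxxxxxxxx\n-----END CERTIFICATE-----\n</string>
                <key>cert</key>
                <string>-----BEGIN CERTIFICATE-----\nxxxxxxxxxx\n-----END CERTIFICATE-----\n</string>
                <key>cipher</key>
                <string>AES-256-CBC</string>
                <key>client</key>
                <string>NOARGS</string>
                <key>dhcp-option</key>
                <string>DNS 8.8.8.8</string>
                <!--
                  The client private key is stored here as unencrypted PEM.
                  Whoever can read this profile can authenticate as this client,
                  so issue one key pair per device, deliver the profile only
                  over an authenticated and encrypted channel, and revoke the
                  certificate if the file is exposed.
                -->
                <key>key</key>
                <string>-----BEGIN PRIVATE KEY-----\nxxxxxxxxxx\n-----END PRIVATE KEY-----\n</string>
                <!-- Sample server address, port and protocol. -->
                <key>remote</key>
                <string>192.168.1.192 1194 udp</string>
                <key>vpn-on-demand</key>
                <string>0</string>
            </dict>
        </dict>
    </array>
    <key>PayloadDisplayName</key>
    <string>client-LAN</string>
    <key>PayloadIdentifier</key>
    <string>myidentifier.01C011CB-5A34-486B-ACAC-699374A9D772</string>
    <key>PayloadRemovalDisallowed</key>
    <false/>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>EF2888C0-F204-4B17-BF46-3FD16493C9B2</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>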
