Using Certificates from System Keychain at Startup

Eric Crist

Aug 23, 2021, 1:29:39 PM
to tunnelblick-discuss
I've so far been unable to find mention of utilizing certificates from the macOS System Keychain.  We are using an MDM provider (Jamf) to help generate and push machine certificates and their certificate chain to our fleet of Macs.  

I want to reference those same certificates in the Tunnelblick configurations we push out, to avoid duplication of files and data, and to help ensure that the certificates are updated routinely and the correct ones are being used for the VPN.

Any pointers are appreciated.

Tunnelblick developer

Aug 23, 2021, 2:12:56 PM
to tunnelblick-discuss
There is an open pull request for Tunnelblick to add this, but changes to it are needed for it to be accepted into Tunnelblick and those changes have never been made.

Short summary of the history of this patch: A patch that accomplished this was committed to the "contrib" section of OpenVPN in 2015. However, in 2017 the patch was removed because of security concerns. Removing the patch was done with the hope/expectation that Tunnelblick would "take it over" but nobody has stepped up to address the security and other concerns in the pull request, so it has not been accepted.