IPFire seems to store newly created certificates in the directory “/var/ipfire/ovpn/certs”, but alongside with files like “index.txt” and “serial”. From maintaining OpenSSL certificates for OVPN manually, I know that in theory those files can be placed differently using some keys in the file “/var/ipfire/ovpn/openssl/ovpn.cnf”. Though, it seems that IPFire tracks certs in the additional file “/var/ipfire/ovpn/ovpnconfig” by some file name.
So, is it safe to customize “ovpn.cnf” of OpenSSL at all? I’m wondering if it will be overwritten during upgrades or alike.
How are names in “ovpnconfig” mapped, so that IPFire can find actual files? Is there something additionally hard-coded somewhere or does IPFire itself simply looks into the config file of OpenSSL where certs are stored and maps file names?