How to move certs into individual sub dir?

IPFire seems to store newly created certificates in the directory “/var/ipfire/ovpn/certs”, but alongside with files like “index.txt” and “serial”. From maintaining OpenSSL certificates for OVPN manually, I know that in theory those files can be placed differently using some keys in the file “/var/ipfire/ovpn/openssl/ovpn.cnf”. Though, it seems that IPFire tracks certs in the additional file “/var/ipfire/ovpn/ovpnconfig” by some file name.

So, is it safe to customize “ovpn.cnf” of OpenSSL at all? I’m wondering if it will be overwritten during upgrades or alike.

How are names in “ovpnconfig” mapped, so that IPFire can find actual files? Is there something additionally hard-coded somewhere or does IPFire itself simply looks into the config file of OpenSSL where certs are stored and maps file names?


Yes, this file will be overwritten. We consider it a system configuration file and nothing that is meant to be changed by the user.

Paths are hardcoded in the CGI and other scripts.