App Support.

We're here to help.

Error: You must define CA file (--ca) or PKCS#12 file (--pkcs12)

By default OpenVPN assumes you are using Public Key Infrastructure (PKI) for Authentication (the SSL/TLS Client option in Viscosity). For this to work OpenVPN expects you to define a CA certificate, a client certificate, and a client key (or a pkcs12 file that combines all of these). If these are not defined then you will receive the error message you are getting.

These files should have been supplied to you by your VPN provider. If you do not have these files, or they have been lost, you should contact your VPN provider and ask for them to be re-sent. For more information please refer to How Do I Find Out Who My VPN Provider Is?.

Once you have these files you need to edit your connection in Viscosity like so:

  1. Open Viscosity's Preferences window and make sure the Connections toolbar icon is selected.
  2. Select your connection and click the Edit button.
  3. Click on the Certificates tab.
  4. Set the Authentication Type to be "SSL/TLS Client" if you have been given CA, Certificate, and Key files, or to "SSL/TLS Client (PCKS12)" if you have been given a pkcs12 file.
  5. Click the "Select" button next to each of the appropriate fields, select the corresponding file, and then click the Open button.
  6. When finished click the Save button.