Q: How do I export the certificate bundle for injection into QWS Endpoint base image?

A: From the BDC web GUI, navigate to VPN → OpenVPN → Client export

  1. Download the certificate bundle as indicated in the image above
  2. Edit the OVPN file, and replace the LAN address with the public IP of the FQDN
    1. The line will read as “remote x.x.x.x 1194 udp4”, where x.x.x.x is the local LAN IP address specified earlier during installation
    2. This needs to be a numerical value (rather than an FQDN) to eliminate any DNS related issues for individual deployments
  3. Rename the downloaded OVPN file to “client.ovpn”
  4. Add to a zip file called “vpn-c.zip”
  5. Place this file under /opt/cert/vpn/ on the BDC server
  6. This file will inject all connectivity information and certificates into each QWS Endpoint when they register, sent via the public IP provided during initial image creation on the BicDroid DLP server

A future version will have a script that can be executed by the IT admin to create this bundle automatically, and place it in the proper directory for export.




  • No labels