From 3f5d7f07797cee3f9f613363fe146e549d4f9c4e Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Fri, 5 Apr 2024 19:05:45 +0200
Subject: [PATCH] VPN: OpenVPN: Instances - only complain about a missing
 linked CA when none is being offered otherwise, if we're not going to use the
 attached CA, it should also be safe to ignore it.

---
 src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
index 15268f6bc..2b822256e 100644
--- a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
+++ b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
@@ -136,7 +136,7 @@ class OpenVPN extends BaseModel
             }
             if (!empty((string)$instance->cert)) {
                 $tmp = Store::getCertificate((string)$instance->cert);
-                if (empty($tmp) || !isset($tmp['ca'])) {
+                if (empty((string)$instance->ca) && (empty($tmp) || !isset($tmp['ca']))) {
                     $messages->appendMessage(new Message(
                         gettext('Unable to locate a CA for this certificate.'),
                         $key . ".cert"