Description of problem: OpenVPN since version 2.3 have supported --extra-certs, but the OpenVPN NetworkManager plug-in does not understand this option. This option points to a file or can be an embedded file a configuration file. From the man page: --extra-certs file Specify a file containing one or more PEM certs (concatenated together) that complete the local certificate chain. This option is useful for "split" CAs, where the CA for server certs is dif‐ ferent than the CA for client certs. Putting certs in this file allows them to be used to complete the local certificate chain without trusting them to verify the peer-submitted certificate, as would be the case if the certs were placed in the ca file. One known VPN service provider actively using this feature is Private Tunnel ( https://www.privatetunnel.com/ )
Feature added upstream: https://gitlab.gnome.org/GNOME/network-manager-openvpn/commit/3c8d06797dcfdd0111fa228f90741712495180b8 which is present in 1.8.2 or newer. EPEL is still at 1.2.6