Take in mind that the certificates are public data because just contain the public key signed by the Certification Authority. What you have to protect is the private keys. To obtain the private key, a user needs to login in the web interface of zeroshell with his/her password.
Last night I configured a connection from home to one of my zs routers and I thought I used the certificates in pkcs12 format from the login page to configure the OpenVPN client on my linux workstation box. But I was wrong. The one I used by mistake was the one I have downloaded previously from inside the private area.
That’s what made me think there was an error with the certificates on the loggin page. I always use pkcs12 format because i don’t have to deal with 3 files, but, obviously, the one exported from the login page does not have the private key included, which is the right.
Thank you for you help, and, again, you`re doing a wonderful job with zeroshell, Fulvio.