Hello Sir.
I have created turnkey auto/pre-configured OpenVPN clients for customers in the past. I would implement for you a OpenVPN installer using NSIS to handle preauthentication and certificate download.
On windows, it is no problem for NSIS to preload any configuration data you need, and a certificate fetch and/or generation can be implemented.
Depending on the security parameters you need to fulfill, server-side OR client-side key generation for the software can be implemented. (Depending on your client and/or regulatory needs, they may want the 'private' part of key generation done on their end.)
It is not entirely clear to me in your bid description whether or not you've implemented a provisioning system in your web application yet (i.e. for client certificate/key management). If you have that implemented already, please let me know, and I can reduce my bid accordingly. I will assume, for now, that building that is a requirement.
As for whitelabeling the software, thats definitely no problem either. I assume your distribution of OpenVPN still complies with the GPL that OpenVPN is distributed under?
Looking forward to hear back from you.