Main Page Computing Hobbies Fun About

Changing OpenVPN passwords

Category: Computing Keywords: OpenVPNsecurityLinux Share on Google+ Share on Facebook Share on Twitter Share on Digg

OpenVPN handles authentication and encryption using client certificates and private keys. The private keys should be kept secret. To help with that, there is an option to protect them with a password.

However, depending on your setup, you may find that you want to add a password if you didn't have one (to increase the security), or remove the password if you had one (so that you can connect automatically).

The client passwords are only used on the client side, to decrypt the private keys. The server never checks the client passwords, only the client certificates (which are public). Therefore it is possible to change the password without involving the server.

In windows, the OpenVPN GUI already provides an interface to change the password (well, with some limitations). In Linux you can use the openssl command for this purpose. And I suppose you can also do that in windows or other operating systems if you have OpenSSL. Here's how:

Remove the password: openssl rsa -in client.key -out client2.key It will prompt you for the current password, and write the decrypted key to client2.key

Add or change the password: openssl rsa -in client.key -out client2.key -des3 It will prompt you for the current password (if any), then for the new password, and then write the encrypted key to client2.key

Created on 22 Nov 2009, last updated on 22 Nov 2009 Valid HTML5

Comments:

MKA's avatar
MKA

thx

26 Mar 2011
Reply

Add a comment

Your name:Email address:
(will not be displayed)
Title:
Comment:
Note: your comment will be reviewed, and displayed later if approved.
If you see this box, please leave it empty:
Your name:Email address:
(will not be displayed)
Title:
Comment:
Note: your comment will be reviewed, and displayed later if approved.
If you see this box, please leave it empty: