[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] build-key-pass confusion


  • Subject: Re: [Openvpn-users] build-key-pass confusion
  • From: "Michael D. Berger" <m.d.berger@xxxxxxxx>
  • Date: Wed, 27 Jun 2007 10:43:34 -0400
  • Importance: Normal

I tried the PEM password as you suggest.  On my WinXP
laptop client, if I start OpenVPN on a command line,
it does ask for the passphrase.  However, if I start
it as a service, there appears to be no opportunity
to enter the passphrase.  Any suggestions?
Mike.

--
Michael D. Berger
m.d.berger@xxxxxxxx 
http://www.rosemike.net/


> -----Original Message-----
> From: jeffcrocker@xxxxxxxxx [mailto:jeffcrocker@xxxxxxxxx] On 
> Behalf Of Jeff Crocker
> Sent: Wednesday, June 27, 2007 1:46 AM
> To: Michael D. Berger
> Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re: [Openvpn-users] build-key-pass confusion
> 
> 
> Someone please correct me if I'm wrong, but there are two seemingly
> similar "password" options when creating OpenVPN certificates.
> 
> One is "PEM pass phrase" and the other is "challenge password".
> 
> The "PEM pass phrase" option protects the key and prompts the user for
> the pass phrase/password prior to connecting to the VPN. This is what
> you want. This pass phrase/password is created during the certificate
> creation process. The normal "build-key" script does not prompt you to
> set this option during the certificate creation process. Instead, you
> must use the "build-key-pass" script which DOES prompt you.
> 
> I have no idea what the "challenge password" option is for. Can anyone
> elaborate what purpose it serves?
> 
> 
> 
> 
> The "challenge password" is
> 
> On 6/26/07, Michael D. Berger <m.d.berger@xxxxxxxx> wrote:
> >
> >
> > Great idea if it worked! I tried it with my WinXP
> > laptop and it never asked me for a password.
> >
> > Mike.
> > --
> > Michael D. Berger
> > m.d.berger@xxxxxxxx
> > http://www.rosemike.net/
> >
> >
> >
> > -----Original Message-----
> > From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx
> > [mailto:openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On
> > Behalf Of Mister T
> > Sent: Tuesday, June 26, 2007 10:26 AM
> > To: Todd and Margo Chester
> > Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> > Subject: Re: [Openvpn-users] build-key-pass confusion
> >
> > Dear,
> >
> > You can protect your certificate with a password. You can choose the
> > password yourself but if you want to use OpenVPN GUI it is 
> best to use a
> > numerical one with maximum 8 digits.
> >
> > This password will be asked each timeyou setup an opevpn tunnel.
> >
> > It is a good idea to use password protected certificates if 
> you store them
> > on your client machine (not advisable).
> >
> > If you plan to store you certificates on a SmartCard, I 
> would not use this
> > option as the SmartCard is allready protected by a PIN 
> (password) and 2 PINs
> > is too much.
> >
> > Regards,
> > Thierry
> >
> >
> >
> > 2007/6/25, Todd and Margo Chester <ToddAndMargo@xxxxxxxxxxx>:
> > > Hi All,
> > >
> > > I am confused.  I am reading how to set
> > > up a certificate:
> > >
> > >     http://openvpn.net/howto.html#pki
> > >
> > > If states:
> > >
> > >     If you would like to password-protect
> > >     your client keys, substitute the
> > >     build-key-pass script.
> > >
> > > Okay.  What password?  Where is it used?
> > > Where is the rest of the explanation?
> > > Why would I want to use it?
> > >
> > > Would some kind person please educate me?
> > >
> > > Many thanks,
> > > -T
> > >
> > >
> > >
> > 
> --------------------------------------------------------------
> -----------
> > > This SF.net email is sponsored by DB2 Express
> > > Download DB2 Express C - the FREE version of DB2 express and take
> > > control of your XML. No limits. Just data. Click to get it now.
> > > http://sourceforge.net/powerbar/db2/
> > > _______________________________________________
> > > Openvpn-users mailing list
> > > Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> > >
> > https://lists.sourceforge.net/lists/listinfo/openvpn-users
> > >
> >
> >
> > 
> --------------------------------------------------------------
> -----------
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > _______________________________________________
> > Openvpn-users mailing list
> > Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> > https://lists.sourceforge.net/lists/listinfo/openvpn-users
> >
> >
> 
> 
> -- 
>   Jeff Crocker
>   Computer Guy
>   503.484.5177
>   jeff@xxxxxxxxxxxxxxxxxxxxx
> --
> 

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users