[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] Changing password on certificate

  • Subject: Re: [Openvpn-users] Changing password on certificate
  • From: Jason Haar <Jason.Haar@xxxxxxxxxxxxx>
  • Date: Thu, 13 Jan 2005 10:56:00 +1300

Davis Goodman wrote:

Hi everyone,

I've got an issue where one of our user has forgotten is certificate password. The person who has created the certificate can't remember the password that was assigned to this certificate. ( I know, we'll put something in place to gather these passwords ;-) ). My question:

Is there a way for root to reset the password with either OpenVPN or openssl without knowing the original one. We would rather not issue a new certificate.?

You're hosed I'm afraid. If you could somehow reset the password on a certificate, then by definition so could anyone else who happened upon that certificate. i.e. they wouldn't be very secure would they ;-)

A new cert is required.

If you are using Windows, then perhaps the CertStore/cryptoapi option would be more useful? In that environment, the private key of the cert is stored encrypted within the registry (I assume WinXP here - nothing earlier has this feature). End result is the user doesn't need to password protect the cert - but it's still protected by their domain account password.

We use that functionality with Cisco's VPN Client software - works well.


Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
Openvpn-users mailing list