[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

[Openvpn-users] Re: Changing password on certificate

  • Subject: [Openvpn-users] Re: Changing password on certificate
  • From: Charles Duffy <cduffy@xxxxxxxxxxx>
  • Date: Wed, 12 Jan 2005 18:05:39 -0600

On Wed, 12 Jan 2005 17:49:26 -0500, Davis Goodman wrote:

> Well this doesn't work, I'm getting an error when trying to connect:

> Wed Jan 12 17:34:56 2005 us=68815 WARNING: No server certificate
> verification method has been enabled.  See
> http://openvpn.sourceforge.net/howto.html#mitm for more info.

This is a warning, not an error. You should heed what it says, but it's
not directly related to your current issue.

> Wed Jan 12 17:36:15 2005 us=48381 ERROR: could not not read Private Key
> password from stdin

*This* is the error.

> I guess we'll just re-issue a new one under a new name.

There's no reason to do that.

The error you're receiving is with regard to password input -- a
completely separate issue from certificate validity. Hence, there's no
logical relationship between an error stating that the private key
password could not be read from stdin and a conclusion that a key with a
new CN is necessary.

Further, reissuing under the same name isn't just theoretically possible
-- I do it all the time.

So, some questions more rationally related to the error you're receiving:

- You're launching OpenVPN on Windows, right?
- What version of Windows?
- Are you using a GUI? Which one?
- Does behavior change if you start OpenVPN from the command line?

If you're trying to launch OpenVPN as a service with a password-protected
private key, your problem is obvious -- a service has no stdin, so the
password can't be read; if this is your problem, you can either decrypt
the key on-disk (probably preferred) or use the management interface to
provide a password.

The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
Openvpn-users mailing list