[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

[Openvpn-users] use pkcs12 certificates or not

Hello list,

Can somebody explain to me (and the rest of the list, if interested) if the 
use of pkcs12 certificates is better or not better / safer /handier / better 
manageable as the ca, cert and key directives in the openvpn configuration 
files ?

I understand it so far:
You can convert a existing key pair to a (binary) pkcs12 certificate, where 
the pkcs12 combines the ca, crt and key in one file.
I've got this from the openvpn man page:
--pkcs12 file
Specify a PKCS #12 file containing local private key, local certificate, and 
root CA certificate. This option can be used instead of --ca, --cert, 
and --key.
If you passwd protect the exported key, the whole pkcs12 key is encrypted 
with that passwd.

Is this passwd similar to passwd protected key of the build-key-pass script?
Can the pkcs12 passwd changed in the same way as a normal key can be done? I 
red somewhere that you can't change the export passwd of pkcs12 key.
I hope somebody can some light on this.

John Knappers
The Netherlands 

Openvpn-users mailing list