Interesting, it definitely does work for me, and I'm using the stock
openvpngui build. Pretty much, as soon an you try to connect a simple
dialog box pops up asking for the passphrase. I use this on a daily
Regarding smartcards, the existing openvpngui does not present a dialog
for that. I sent a patch to Mathias back last Jan for that, but it has not
made it into a build. It works pretty much the same way though....
If anyone is intersted I can make a diff and publish it somewhere on the
web; it's pretty simple.
Technicality: the passphrase is actually on the key, not on the
cert. (the cert is public info). Also, when storing a key on a
token, the passphrase is gone because this is a write-only operation: i.e.
you can't pull the key back off the token (at least with the tokens I have
used). The encryption/signing occurs in the token device itself, and
therein lies the security: it's not like a floppy disk with your keys and
Great idea if it worked! I tried it with my
laptop and it never asked me for
You can protect
your certificate with a password. You can choose the password yourself but
if you want to use OpenVPN GUI it is best to use a numerical one with
maximum 8 digits.
This password will be asked each timeyou setup an
It is a good idea to use password protected
certificates if you store them on your client machine (not
If you plan to store you certificates on a SmartCard, I
would not use this option as the SmartCard is allready protected by a PIN
(password) and 2 PINs is too much.