Re: [Openvpn-users] build-key-pass confusion


  • Subject: Re: [Openvpn-users] build-key-pass confusion
  • From: "Jeff Crocker" <jeff@xxxxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 26 Jun 2007 22:46:12 -0700

Someone please correct me if I'm wrong, but there are two seemingly
similar "password" options when creating OpenVPN certificates.

One is "PEM pass phrase" and the other is "challenge password".

The "PEM pass phrase" option protects the key and prompts the user for
the pass phrase/password prior to connecting to the VPN. This is what
you want. This pass phrase/password is created during the certificate
creation process. The normal "build-key" script does not prompt you to
set this option during the certificate creation process. Instead, you
must use the "build-key-pass" script which DOES prompt you.

I have no idea what the "challenge password" option is for. Can anyone
elaborate what purpose it serves?




The "challenge password" is

On 6/26/07, Michael D. Berger <m.d.berger@xxxxxxxx> wrote:
>
>
> Great idea if it worked! I tried it with my WinXP
> laptop and it never asked me for a password.
>
> Mike.
> --
> Michael D. Berger
> m.d.berger@xxxxxxxx
> http://www.rosemike.net/
>
>
>
> -----Original Message-----
> From: openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx
> [mailto:openvpn-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On
> Behalf Of Mister T
> Sent: Tuesday, June 26, 2007 10:26 AM
> To: Todd and Margo Chester
> Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re: [Openvpn-users] build-key-pass confusion
>
> Dear,
>
> You can protect your certificate with a password. You can choose the
> password yourself but if you want to use OpenVPN GUI it is best to use a
> numerical one with maximum 8 digits.
>
> This password will be asked each time you set up an OpenVPN tunnel.
>
> It is a good idea to use password protected certificates if you store them
> on your client machine (not advisable).
>
> If you plan to store your certificates on a SmartCard, I would not use this
> option as the SmartCard is already protected by a PIN (password) and 2 PINs
> is too much.
>
> Regards,
> Thierry
>
>
>
> 2007/6/25, Todd and Margo Chester <ToddAndMargo@xxxxxxxxxxx>:
> > Hi All,
> >
> > I am confused.  I am reading how to set
> > up a certificate:
> >
> >     http://openvpn.net/howto.html#pki
> >
> > It states:
> >
> >     If you would like to password-protect
> >     your client keys, substitute the
> >     build-key-pass script.
> >
> > Okay.  What password?  Where is it used?
> > Where is the rest of the explanation?
> > Why would I want to use it?
> >
> > Would some kind person please educate me?
> >
> > Many thanks,
> > -T

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
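
An added example, not part of any message in this thread: a shell check that tells from the PEM headers alone whether a client key was written with a pass phrase, since a key stored without one loads with no prompt. It assumes client keys are PEM files named `*.key`; the function names and the sample files are constructed for illustration.

```bash
#!/bin/sh
# Added example, not from the thread: report which client keys on disk carry
# a PEM pass phrase. Works on the PEM headers only; no key is decrypted.

# key_state FILE -> prints "encrypted", "plaintext" or "unknown"
key_state() {
    if grep -q -- '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted                      # PKCS#8 encrypted container
    elif grep -q -- '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"; then
        # Traditional OpenSSL format flags encryption in a Proc-Type header
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
            echo encrypted
        else
            echo plaintext
        fi
    else
        echo unknown
    fi
}

# audit_keys DIR -> one "state<TAB>path" line per *.key file in DIR;
# returns 1 if any key is stored without a pass phrase, else 0.
audit_keys() {
    audit_rc=0
    for audit_f in "$1"/*.key; do
        [ -e "$audit_f" ] || continue
        audit_state=$(key_state "$audit_f")
        printf '%s\t%s\n' "$audit_state" "$audit_f"
        if [ "$audit_state" = plaintext ]; then audit_rc=1; fi
    done
    return "$audit_rc"
}

# Demo on constructed files (header lines are real PEM syntax, bodies are dummy text)
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'Q09OU1RSVUNURUQ=' \
    '-----END RSA PRIVATE KEY-----' > "$demo_dir/client-pass.key"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END RSA PRIVATE KEY-----' > "$demo_dir/client-nopass.key"
audit_keys "$demo_dir" || echo "at least one key has no pass phrase"
rm -rf "$demo_dir"
```

The non-zero return from `audit_keys` makes it usable as a gate in a provisioning script before keys are handed to client machines.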