[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] build-key-pass confusion

  • Subject: Re: [Openvpn-users] build-key-pass confusion
  • From: Josh Cepek <josh.cepek@xxxxxxx>
  • Date: Fri, 29 Jun 2007 12:23:04 -0500
  • Openpgp: id=2E5A5127
  • Z-usanet-msgid: XID463LFCRXJ0150X38

Peter Barwich wrote:
> And finally, just to confirm, your command, Josh, to decrypt the
> private file (openssl rsa -in encrypted.key -out unencrypted.key),
> does, indeed, work perfectly. Thanks for drawing my attention to this.

For your reference, all the scripts in the easy-rsa directory included
with OpenVPN are just wrapper scripts for the openssl command designed
to make generating a PKI simpler.  If you are curious about how openssl
is used in the other certificate operations (CA generation, signing,
client generation, revoking, etc) I'd encourage you to open up the
scripts and see how they invoke openssl.  Combined with the OpenSSL
documentation (either on the website of by checking the output of the
openssl command, eg `openssl ca help` will spit output on how to use the
ca command) you can figure out what options they're using and how they work.

It's certainly not required to know how to use OpenSSL before using the
easy-rsa scripts or OpenVPN, but it's sometimes nice to be able to
manipulate the keys and certificates by hand if you want to do something
not supported in the easy-rsa scripts.


Attachment: signature.asc
Description: OpenPGP digital signature