OpenVPN private key
-
I am using OpenVPN with user certificate authentication.
When using the client export tool and enabling the option for 'Microsoft Certificate Storage', I am able to generate the .exe.
Afterward, going through the install process, it's stating that the private key is protected with a password. At no point was I prompted to create a password.
Any idea on how to proceed? -
@michmoor
Windows is expecting password protection on a private key. -
@viragomann Gotcha.
That's solved.
The next issue is I'm still able to sign in even though I removed the certificate from my trust store. -
@michmoor said in OpenVPN private key:
I'm still able to sign in even though I removed the certificate from my trust store.
On the Windows client?
I'd expect that the client would complain due to the missing certificate. -
@viragomann Solved it. The installer correctly installs the certificate as PKCS12.
If you remove the cert and attempt to add the user cert back [I have the file on my desktop], the OpenVPN client correctly states it can't find the user cert. Took me a few minutes to realize that the cert exported from the User certificate manager on pfSense is not in the correct format for OpenVPN to read from in the certificate store. -
@michmoor said in OpenVPN private key:
that the cert exported from the User certificate manager on pfSense is not in the correct format for OpenVPN to read from in the certificate store.
You need both on the client, the user cert and the private key. The PKCS12 even contains both.
But I don't know at the moment how to import them into Windows in this format. But you could put both files into a directory and state them in the .ovpn file. -
@viragomann If I re-run the installer from Clients export in pfSense, then it installs the PKCS12 file I need and in the certificate store. The OpenVPN config file is generated to automatically look at the trust store. So that's what I have been doing to test.
User Cert + 2FA, and no admin rights on this worker's laptop... I'm happy.