• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

OpenVPN Client Export - Not Encrypting Private Key (With Password)

Scheduled Pinned Locked Moved OpenVPN
3 Posts 2 Posters 538 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • K
    kx93
    last edited by Apr 5, 2024, 8:30 PM

    Checking the checkbox for "Use a password to protect the PKCS#12 file contents or key in Viscosity bundle" and entering password then clicking "Inline Configuration > Most Clients" button and it exports unencrypted private key. What am I missing?

    pfSense 2.7.2
    openvpn-client-export: 1.9.2

    V 1 Reply Last reply Apr 6, 2024, 3:47 PM Reply Quote 0
    • V
      viragomann @kx93
      last edited by Apr 6, 2024, 3:47 PM

      @kx93
      As the hint there mentions, the private key is encrypted in the Viscosity bundle, but not in the inline config file.

      1 Reply Last reply Reply Quote 0
      • K
        kx93
        last edited by Apr 10, 2024, 3:29 PM

        A solution is to export the private key of the client from System > Certificates > Certificates > Select the user cert > Set a "export password" and click "Export Private Key" then copy/paste and overwrite the private key in the file exported from the OpenVPN Client Export plugin. If don't want to export unencrypted private key, the password-protected Viscosity bundle export and can be used to build the base of the config file and the private key can be replaced from the export from earlier.

        1 Reply Last reply Reply Quote 0
        3 out of 3
        • First post
          3/3
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
          This community forum collects and processes your personal information.
          consent.not_received