OpenVPN Client Export - Not Encrypting Private Key (With Password)

kx93 · Apr 5, 2024, 8:30 PM

Checking the checkbox for "Use a password to protect the PKCS#12 file contents or key in Viscosity bundle" and entering password then clicking "Inline Configuration > Most Clients" button and it exports unencrypted private key. What am I missing?

pfSense 2.7.2
openvpn-client-export: 1.9.2

viragomann · Apr 6, 2024, 3:47 PM

@kx93
As the hint there mentions, the private key is encrypted in the Viscosity bundle, but not in the inline config file.

kx93 · Apr 10, 2024, 3:29 PM

A solution is to export the private key of the client from System > Certificates > Certificates > Select the user cert > Set a "export password" and click "Export Private Key" then copy/paste and overwrite the private key in the file exported from the OpenVPN Client Export plugin. If don't want to export unencrypted private key, the password-protected Viscosity bundle export and can be used to build the base of the config file and the private key can be replaced from the export from earlier.