Client - Error: private key password verification failed

Support forum for Easy-RSA certificate management suite.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
.09.
OpenVpn Newbie
Posts: 4
Joined: Sun Nov 09, 2014 10:49 am

Client - Error: private key password verification failed

Post by .09. » Sun Nov 09, 2014 11:01 am

I have a Cisco e4200 with tomato-E4200USB-NVRAM60K-1.28.RT-N5x-MIPSR2-123-AIO.bin installed.

The problem is that I can't start the OpenVPN client, the logs shows this error measage:

Nov 8 17:41:33 unknown daemon.notice openvpn[12826]: OpenVPN 2.3.4 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Oct 14 2014
Nov 8 17:41:33 unknown daemon.notice openvpn[12826]: library versions: OpenSSL 1.0.1i 6 Aug 2014, LZO 2.06
Nov 8 17:41:33 unknown daemon.warn openvpn[12826]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Nov 8 17:41:33 unknown daemon.warn openvpn[12826]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Nov 8 17:41:33 unknown daemon.err openvpn[12826]: Error: private key password verification failed
Nov 8 17:41:33 unknown daemon.notice openvpn[12826]: Exiting due to fatal error

I used this tutorial to create the certificates: http://uwnthesis.wordpress.com/2013/09/ ... n-windows/

I tried to create the client keys without entering a PEM pass phrase but it errors out and does not create the key files.

What could be the problem?
Last edited by debbie10t on Thu Nov 13, 2014 3:50 pm, edited 1 time in total.
Reason: Title clarity

User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Can't start OpenVPN Clinet

Post by Traffic » Sun Nov 09, 2014 12:23 pm

.09. wrote:I used this tutorial to create the certificates: http://uwnthesis.wordpress.com/2013/09/ ... n-windows/
On that HOWTO it says:
Step 6 – Build your Client Key (repeat for each vpn client)
  • In the same command prompt type build-key vpnclient1.
    Enter client password
    Enter Common name eg vpnclient1
    Enter a client challenge password
    Enter Variables for client
    Sign = Y
    Commit =Y
You will have to remake your client key without a challenge password.

.09.
OpenVpn Newbie
Posts: 4
Joined: Sun Nov 09, 2014 10:49 am

Re: Can't start OpenVPN Clinet

Post by .09. » Thu Nov 13, 2014 7:30 am

Thank you for your help.

I tried to build the client key without the client challenge password but I still get the same error in the logs and I can't start OpenVPN. Any other ideas?

Nov 13 08:26:46 unknown daemon.err openvpn[4100]: Error: private key password verification failed

User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Can't start OpenVPN Clinet

Post by Traffic » Thu Nov 13, 2014 2:23 pm

Did you also recreate your server key without the password ?

.09.
OpenVpn Newbie
Posts: 4
Joined: Sun Nov 09, 2014 10:49 am

Re: Can't start OpenVPN Clinet

Post by .09. » Thu Nov 13, 2014 2:37 pm

Yes, I also recreated the server key without a password.

User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Client - Error: private key password verification failed

Post by Traffic » Thu Nov 13, 2014 4:02 pm

.09. wrote:I tried to create the client keys without entering a PEM pass phrase but it errors out and does not create the key files
So what is this error .. And how did you subsequently re-create your client cert/key ?

You may also want to try: EasyRSA3-rc2:
https://github.com/OpenVPN/easy-rsa/releases

If you use that tool when you create your server/client key add the nopass option.

.09.
OpenVpn Newbie
Posts: 4
Joined: Sun Nov 09, 2014 10:49 am

Re: Client - Error: private key password verification failed

Post by .09. » Thu Nov 13, 2014 8:07 pm

I managed to solve this. I created the client key with a PEM pass phrase and then removed the password with:

Code: Select all

 openssl.exe rsa -in "C:\Path\to\your.key" -out "C:\Path\to\your.key" 
Thank you for your help!

Post Reply