With recent versions of OpenSSL (for OpenVPN server running on Linux) and using Easy-RSA scripts to generate and manage keys, the following problem appears:
New keys generated by OpenSSL use the PKCS#8 format.
OpenVPN Connect (Android) does not understand this format properly and fails to import a profile. The error message is indeed related to the key file, but somewhat misleading.
The problem and a workaround is described here viewtopic.php?f=36&t=12035&start=15#p27341
and more explanations and instructions can be found here: https://stackoverflow.com/questions/177 ... rivate-key
However, since PKCS#8 is the new default format for OpenSSL, I suggest OpenVPN Connect's SSL library also implement it.
I have yet to find a workaround to tell openssl to generate new keys directly in the traditional PKCS#1 format, thus so far I have to manually convert each key before sending it to the Android client.
Thank you.
Feature request: implement PKCS#8
-
- OpenVpn Newbie
- Posts: 2
- Joined: Wed Aug 09, 2017 5:34 pm