PKCS#12 and TLS auth with ta.key

Scripts to manage certificates or generate config files

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
GeckoGrp
OpenVpn Newbie
Posts: 13
Joined: Mon Oct 30, 2017 8:29 am

PKCS#12 and TLS auth with ta.key

Post by GeckoGrp » Sat Jul 21, 2018 10:41 am

Hi All,

I have a modem that will only take .p12 files to add certificates.

I am using TLS auth on my OVPN server instance and am wondering if source ./vars then ./build-key-pkcs12 will wrap up the ca certificate the client key and certificate plus the ta.key into the .p12 file.

Or is there some other way to include the files in this export?

Cheers

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: PKCS#12 and TLS auth with ta.key

Post by TinCanTech » Sat Jul 21, 2018 12:12 pm

GeckoGrp wrote:
Sat Jul 21, 2018 10:41 am
./build-key-pkcs12 will wrap up the ca certificate the client key and certificate plus the ta.key into the .p12 file.
No it will not.
GeckoGrp wrote:
Sat Jul 21, 2018 10:41 am
Or is there some other way to include the files in this export?
I believe it is possible but not with the tools we use.

Openssl only supports including a single private key from the command line interface.
https://en.wikipedia.org/wiki/PKCS_12

Also, if you did somehow manage to include the ta.key into your .p12 file .. openvpn will not use it.

You may be able to INLINE all the files.

Post Reply