PKCS#12 and TLS auth with ta.key

Posted: Sat Jul 21, 2018 10:41 am
by GeckoGrp
Hi All,

I have a modem that will only take .p12 files to add certificates.

I am using TLS auth on my OVPN server instance and am wondering if source ./vars then ./build-key-pkcs12 will wrap up the CA certificate, the client key and certificate, plus the ta.key into the .p12 file.

Or is there some other way to include the files in this export?

Cheers

Re: PKCS#12 and TLS auth with ta.key

Posted: Sat Jul 21, 2018 12:12 pm
by TinCanTech
GeckoGrp wrote:
Sat Jul 21, 2018 10:41 am
./build-key-pkcs12 will wrap up the CA certificate, the client key and certificate, plus the ta.key into the .p12 file.
No, it will not.
GeckoGrp wrote:
Sat Jul 21, 2018 10:41 am
Or is there some other way to include the files in this export?
I believe it is possible but not with the tools we use.

OpenSSL only supports including a single private key from the command line interface.
https://en.wikipedia.org/wiki/PKCS_12

Also, if you did somehow manage to include the ta.key in your .p12 file, OpenVPN will not use it.

You may be able to INLINE all the files.
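
The inlining suggested in the last reply, as an added example that is not part of the original posts: a shell function that emits one client config carrying the PKCS#12 bundle in a `<pkcs12>` block and the ta.key in a separate `<tls-auth>` block. The function name `build_inline_ovpn`, the file names, the host `vpn.example.com` and the basic client directives are assumptions for illustration.

```shell
#!/bin/sh
# Added example: build a single client .ovpn with the PKCS#12 bundle and the
# tls-auth key inlined. Names, host and port are placeholders (assumptions).

# build_inline_ovpn P12_FILE TA_KEY_FILE REMOTE_HOST REMOTE_PORT
# Writes the config to stdout; returns non-zero on unusable input.
build_inline_ovpn() {
    p12=$1 ta=$2 host=$3 port=$4

    [ -r "$p12" ] || { echo "cannot read $p12" >&2; return 1; }
    [ -r "$ta" ]  || { echo "cannot read $ta" >&2; return 1; }

    # ta.key is an OpenVPN static key, not an X.509 object, which is why it
    # travels outside the .p12. Refuse anything without the expected header.
    grep -qF -e '-----BEGIN OpenVPN Static key V1-----' "$ta" ||
        { echo "$ta is not an OpenVPN static key" >&2; return 1; }

    cat <<EOF
client
dev tun
proto udp
remote $host $port
remote-cert-tls server
# Direction for the inline tls-auth key; assumes the server side uses 0.
key-direction 1
EOF
    # Inline PKCS#12 data must be base64 text, not the raw binary file.
    echo '<pkcs12>'
    base64 < "$p12"
    echo '</pkcs12>'
    # The HMAC key goes in its own block, alongside the bundle.
    echo '<tls-auth>'
    cat "$ta"
    echo '</tls-auth>'
}

# Usage (the output holds private key material, so restrict permissions):
#   umask 077
#   build_inline_ovpn client1.p12 ta.key vpn.example.com 1194 > client1.ovpn
```

The resulting file contains both the client private key and the shared HMAC key, so it needs the same handling as the .p12 and ta.key themselves.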