Feature request: implement PKCS#8

Post Reply
andrixnet
OpenVpn Newbie
Posts: 1
Joined: Wed Aug 09, 2017 5:34 pm

Feature request: implement PKCS#8

Post by andrixnet » Wed Aug 09, 2017 5:40 pm

With recent versions of OpenSSL (for OpenVPN server running on Linux) and using Easy-RSA scripts to generate and manage keys, the following problem appears:

New keys generated by OpenSSL use the PKCS#8 format.
OpenVPN Connect (Android) does not understand this format properly and fails to import a profile. The error message is indeed related to the key file, but somewhat misleading.

The problem and a workaround is described here viewtopic.php?f=36&t=12035&start=15#p27341
and more explanations and instructions can be found here: https://stackoverflow.com/questions/177 ... rivate-key

However, since PKCS#8 is the new default format for OpenSSL, I suggest OpenVPN Connect's SSL library also implement it.
I have yet to find a workaround to tell openssl to generate new keys directly in the traditional PKCS#1 format, thus so far I have to manually convert each key before sending it to the Android client.

Thank you.

Post Reply