Configuration: ta.key and public key password questions
Posted: Wed Mar 21, 2018 10:49 am
Hi,
I've saved the .ovpn file and the there referenced .p12 and ta.key files in the openvpn directory in the SD card of my Android smartphone.
Using OpenVPN Connect I've first imported the .ovpn file and then imported the .p12 file, entering the requested "export password".
Doing this, the client certificate, the root CA certificate and the private key have been stored into the Android Keychain, I hope
Now a few questions concerning the configuration:
1) What happens with the ta.key file? Does it have also been saved into the Android Keychain?
2a) Now that the configuration is complete, do I need to remove the ta.key file from the openvpn directory? It's a security risk to let it there?
2b) Now that the configuration is complete, do I need to remove the .p12 file from the openvpn directory? It's a security risk to let it there?
3) The only time that I've been asked to enter a password (the "export password") was importing the .p12 file. Now I can start an OpenVPN connection without any password.
I was thinking that I would be asked to define and use a password for the private key...
This is not good, in the case that I would loose the smartphone, the only obstacle to open a connection is the smartphone own password. Do I have missed anything in the configuration?
Many thanks!
I've saved the .ovpn file and the there referenced .p12 and ta.key files in the openvpn directory in the SD card of my Android smartphone.
Using OpenVPN Connect I've first imported the .ovpn file and then imported the .p12 file, entering the requested "export password".
Doing this, the client certificate, the root CA certificate and the private key have been stored into the Android Keychain, I hope
Now a few questions concerning the configuration:
1) What happens with the ta.key file? Does it have also been saved into the Android Keychain?
2a) Now that the configuration is complete, do I need to remove the ta.key file from the openvpn directory? It's a security risk to let it there?
2b) Now that the configuration is complete, do I need to remove the .p12 file from the openvpn directory? It's a security risk to let it there?
3) The only time that I've been asked to enter a password (the "export password") was importing the .p12 file. Now I can start an OpenVPN connection without any password.
I was thinking that I would be asked to define and use a password for the private key...
This is not good, in the case that I would loose the smartphone, the only obstacle to open a connection is the smartphone own password. Do I have missed anything in the configuration?
Many thanks!