How to ask for cert password on Client?
Posted: Tue Nov 29, 2022 8:25 pm
Hello everyone
I'm fooling around with the easy-rsa pass option, that is, when I generate a client certificate on the server, instead of using
./easyrsa build-client-full VPNCLIENT nopass
I switched to "pass", and it asked for a passphrase when creating it and everything finished OK.
I used this new certificate on the client and when I try to connect I get this error. I know that's because of the missing passphrase, but I don't know how to make the GUI client ask for it...
...
2022-11-29 13:47:48 Restart pause, 5 second(s)
2022-11-29 13:47:53 OpenSSL: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
2022-11-29 13:47:53 OpenSSL: error:0D06C03A:asn1 encoding routines:asn1_d2i_ex_primitive:nested asn1 error
2022-11-29 13:47:53 OpenSSL: error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error
2022-11-29 13:47:53 OpenSSL: error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib
2022-11-29 13:47:53 Cannot load private key file [[INLINE]]
2022-11-29 13:47:53 SIGUSR1[soft,private-key-password-failure] received, process restarting
2022-11-29 13:47:53 MANAGEMENT: >STATE:1669751273,RECONNECTING,private-key-password-failure,,,,,
2022-11-29 13:47:53 Restart pause, 5 second(s)
2022-11-29 13:47:56 SIGTERM[hard,init_instance] received, process exiting
2022-11-29 13:47:56 MANAGEMENT: >STATE:1669751276,EXITING,init_instance,,,,,
Probably I'm misunderstanding the pass/nopass parameter, but what I'm trying to accomplish is to protect the config file in case of physical tampering, where if you don't have the password the client config file is useless.
Regards