Understanding OpenVPN Certificates

I have been looking at a better way to manage OpenVPN keys and certificates. I found a tool called XCA. I am trying to mimic the same sort of certificates that I get when using the CLI in EdgeRouter. The tool allows me to upload the CA and create client keys and certificates. My problem is that the keys generated by the tool are not password protected. After reading online, I found how to encrypt the keys, but now the output file does not look similar to the one created on the EdgeRouter. The key file generated by EdgeRouter has this format:

-----BEGIN ENCRYPTED PRIVATE KEY-----
1732 Characters
-----END ENCRYPTED PRIVATE KEY-----

If I encrypt the key generated by the tool, either using the tool itself or OpenSSL in EdgeRouter, I get this format:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,04D10768A4F352010D8AAD00CCAC79F5

1600 Characters
-----END RSA PRIVATE KEY-----

Does anyone know what the settings of OpenSSL in EdgeRouter are that can help me get the same type of encrypted keys if I use another tool?
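The two files quoted above differ in container format, not in key material: `BEGIN ENCRYPTED PRIVATE KEY` is PKCS#8 with the encryption parameters inside the DER, while `BEGIN RSA PRIVATE KEY` with `Proc-Type`/`DEK-Info` is the traditional OpenSSL format with legacy PEM encryption. The following is an added example, not part of the original post: a small classifier for that framing, run on constructed samples (the function name and sample bodies are assumptions).

```python
import re

# Constructed samples: the bodies are placeholders, only the PEM framing matters.
PKCS8_SAMPLE = """-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIE...constructed...
-----END ENCRYPTED PRIVATE KEY-----
"""
LEGACY_SAMPLE = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF

MIIE...constructed...
-----END RSA PRIVATE KEY-----
"""

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def classify_key(pem_text):
    """Describe the container and encryption of the first PEM key block."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no PEM block found")
    label, body = m.group(1), m.group(2)
    # Legacy files carry RFC 1421 style "Name: value" headers before the base64.
    headers = dict(re.findall(r"^([A-Za-z-]+): *(.+?)\r?$", body, re.M))
    info = {"label": label, "encrypted": False, "cipher": None}
    if label == "ENCRYPTED PRIVATE KEY":
        # Cipher and KDF live inside the DER structure, so no text headers exist.
        info.update(container="PKCS#8", encrypted=True)
    elif label == "PRIVATE KEY":
        info.update(container="PKCS#8")
    elif label.endswith(" PRIVATE KEY"):
        info.update(container="traditional " + label.split()[0])
        if headers.get("Proc-Type") == "4,ENCRYPTED":
            cipher, _, iv = headers.get("DEK-Info", "").partition(",")
            info.update(encrypted=True, cipher=cipher or None, iv_hex=iv or None)
    else:
        raise ValueError("not a private key block: " + label)
    return info

# To rewrap a traditional key as encrypted PKCS#8 (file names are placeholders):
#   openssl pkcs8 -topk8 -v2 aes-256-cbc -in client.key -out client-pk8.key
if __name__ == "__main__":
    for sample in (PKCS8_SAMPLE, LEGACY_SAMPLE):
        print(classify_key(sample))
```

Both formats are read by OpenSSL; the PKCS#8 form uses a password-based key derivation with a configurable iteration count, whereas the legacy `DEK-Info` form derives the key with a single MD5 pass over the passphrase and salt.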

Re: Understanding OpenVPN Certificates

I don't believe you want to use password protected/encrypted certificates for OpenVPN or you'd need to enter the password every time the tunnel comes up.

You can look into the Easy-RSA scripts to see what openssl commands they're using.