05-17-2018 07:32 PM
I have been looking at a better way to manage OpenVPN keys and certificate. I found a tool called XCA. I am trying to mimic same sort of certificates that I get when using CLI in EdgeRouter. The tool allows me to upload the CA and create client keys and certificates. My problem is that the keys generated by the tool are not password protected. After reading online, I found how to encrypt the keys but now the output file does not look similar to one created on the EdgeRouter. The file key generated by EdgeRouter has this format:
-----BEGIN ENCRYPTED PRIVATE KEY----- 1732 Characters -----END ENCRYPTED PRIVATE KEY-----
If I encrypt the key generated by the tool, either using the tool itself or OpenSSL in EdgeRouter, I get this format:
-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: AES-256-CBC,04D10768A4F352010D8AAD00CCAC79F5 1600 Characters -----END RSA PRIVATE KEY-----
Does anyone know what are the settings of the OpenSSL in EdgeRouter that can help me get the same type of encrypted keys if I use another tool?
05-18-2018 06:18 AM
You can look into the Easy-RSA scripts to see what openssl commands they're using.