Project

General

Profile

Actions

Bug #5749

closed

OpenVPN Export Certs with password, password doesn't open .pk12 container.

Added by Rob Reeves about 8 years ago. Updated over 7 years ago.

Status:
Resolved
Priority:
Low
Assignee:
Category:
OpenVPN Client Export
Target version:
-
Start date:
01/09/2016
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

When I export OpenVPN certs in a .pk12 container and try to set a password, that password doesn't open the private key.

Have to export without a password and use openssl to extract certs and create new container with a password.


Files

pk12 issue.jpg (21.2 KB) pk12 issue.jpg Picture showing GUI to enter password Rob Reeves, 01/10/2016 11:37 AM
Actions #1

Updated by Anonymous about 8 years ago

Would you provide some more information please?

Affected pfSense version
GUI page on which the issue is observed
Steps to reproduce (page visited, controls used etc)

I'm guessing you are using the "OpenVPN Client Export" package. Is that correct?

Thanks

Actions #2

Updated by Rob Reeves about 8 years ago

It is on pfSense 2.2.6

The page observed is: https://172.16.0.1/vpn_openvpn_export.php

The package is: OpenVPN Client Export Utility 1.3.0

The options use to add a password to the .pk12 file are shown below in the attached image:

Actions #3

Updated by Chris Buechler about 8 years ago

  • Project changed from pfSense to pfSense Packages
  • Category set to OpenVPN Client Export
  • Status changed from New to Feedback

it works for me. Viscosity prompts for the p12 key after the user credentials, and accepts it as entered in the export.

Rob: Is there some special character or combination thereof that's a problem here maybe? What's an example of a password that doesn't work for you?

There has also been an update of the client export package recently, make sure you're on the latest version.

Actions #4

Updated by Brian Talbot over 7 years ago

Any update on this? I'm having the same issue on 2.3.2. Using openvpn-client-export 1.3.8 (just reinstalled it as well). Appears to be a problem with special characters. I found the below discussion but no resolution. The password I'm using contains a "+" character and does not work. Using alpha-numeric characters only works fine for me.

https://forum.pfsense.org/index.php?topic=34342.0

Actions #5

Updated by Jim Pingle over 7 years ago

Is it only "+" that causes a problem or have you tried other special characters as well?

The way the password is submitted via JS, I could see + being a JS-specific problem.

Actions #6

Updated by Brian Talbot over 7 years ago

I tried using "@" and "." in the password and both worked fine.

Looking at the JS code, it's using the escape() function on the password, as well as many other inputs, but this does not escape "+" or several other special characters. Utilizing the encodeURIComponent() function may be a better option.

Actions #7

Updated by Jim Pingle over 7 years ago

I was able to reproduce the problem with "+" and confirmed that switching from escape() to encodeURIComponent() fixed it. I pushed a fix, it should be available in a new version of the OpenVPN client export package shortly, once it gets copied to the package servers.

Actions #8

Updated by Jim Pingle over 7 years ago

  • Assignee set to Jim Pingle
  • % Done changed from 0 to 100
Actions #9

Updated by Jim Pingle over 7 years ago

  • Status changed from Feedback to Resolved

New version is up, installed, confirmed working on a separate unit.

Actions

Also available in: Atom PDF