Bug #5749
closed
OpenVPN Export Certs with password, password doesn't open .pk12 container.
Added by Rob Reeves over 9 years ago.
Updated over 8 years ago.
Category:
OpenVPN Client Export
Description
When I export OpenVPN certs in a .pk12 container and try to set a password, that password doesn't open the private key.
Have to export without a password and use openssl to extract certs and create new container with a password.
Would you provide some more information please?
- Affected pfSense version
- GUI page on which the issue is observed
- Steps to reproduce (page visited, controls used etc)
I'm guessing you are using the "OpenVPN Client Export" package. Is that correct?
Thanks
It is on pfSense 2.2.6
The page observed is: https://172.16.0.1/vpn_openvpn_export.php
The package is: OpenVPN Client Export Utility 1.3.0
The options used to add a password to the .pk12 file are shown below in the attached image:
- Project changed from pfSense to pfSense Packages
- Category set to OpenVPN Client Export
- Status changed from New to Feedback
It works for me. Viscosity prompts for the p12 key after the user credentials, and accepts it as entered in the export.
Rob: Is there some special character or combination thereof that's a problem here maybe? What's an example of a password that doesn't work for you?
There has also been an update of the client export package recently; make sure you're on the latest version.
Any update on this? I'm having the same issue on 2.3.2. Using openvpn-client-export 1.3.8 (just reinstalled it as well). Appears to be a problem with special characters. I found the below discussion but no resolution. The password I'm using contains a "+" character and does not work. Using alpha-numeric characters only works fine for me.
https://forum.pfsense.org/index.php?topic=34342.0
Is it only "+" that causes a problem or have you tried other special characters as well?
The way the password is submitted via JS, I could see + being a JS-specific problem.
I tried using "@" and "." in the password and both worked fine.
Looking at the JS code, it's using the escape() function on the password, as well as many other inputs, but this does not escape "+" or several other special characters. Utilizing the encodeURIComponent() function may be a better option.
I was able to reproduce the problem with "+" and confirmed that switching from escape() to encodeURIComponent() fixed it. I pushed a fix; it should be available in a new version of the OpenVPN client export package shortly, once it gets copied to the package servers.
- Assignee set to Jim Pingle
- % Done changed from 0 to 100
- Status changed from Feedback to Resolved
New version is up, installed, confirmed working on a separate unit.
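The escape() versus encodeURIComponent() difference discussed in this thread, as an added example that is not the package's own code. It assumes the receiving side decodes the value as application/x-www-form-urlencoded, where a literal "+" means a space; URLSearchParams stands in for that decoder, and the field name and sample passwords are constructed.

```javascript
// Added illustration: a "+" in a password is silently changed when the request
// is built with escape() and decoded as application/x-www-form-urlencoded.

// Legacy style: escape() leaves "+" (and @ * _ - . /) unescaped.
function buildWithEscape(params) {
  return Object.entries(params)
    .map(([k, v]) => `${escape(k)}=${escape(v)}`)
    .join("&");
}

// Fixed style: encodeURIComponent() turns "+" into %2B.
function buildWithEncodeURIComponent(params) {
  return Object.entries(params)
    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
    .join("&");
}

// Stand-in for the server-side form decoder (assumption): "+" decodes to " ".
function serverDecode(query) {
  return Object.fromEntries(new URLSearchParams(query));
}

// Send one password through a builder and report what the server would see.
// The field name "password" is hypothetical.
function roundTrip(builder, password) {
  const query = builder({ password });
  return { query, received: serverDecode(query).password };
}

// Constructed sample passwords, including the characters tried in the thread.
const SAMPLES = ["abc123", "p@ss.word", "pa+ss", "a b+c&d=e%f"];

function compare(samples = SAMPLES) {
  return samples.map((pw) => {
    const legacy = roundTrip(buildWithEscape, pw);
    const fixed = roundTrip(buildWithEncodeURIComponent, pw);
    return {
      password: pw,
      escapeQuery: legacy.query,
      escapeIntact: legacy.received === pw,
      fixedQuery: fixed.query,
      fixedIntact: fixed.received === pw,
    };
  });
}

console.table(compare());
```

A container protected with the altered value ("pa ss") will reject the password the user actually typed ("pa+ss"), which matches the symptom reported here.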