I have tried to use openvpn-ui on an existing openvpn setup and could view certificates and openvpn server basic stats through the Web UI.
However I am not able to create new certificates, neither renew the existing ones, since in my setup the ca.key is protected by a passphrase.
When I try creating a new certificate via the Web interface I get the following in the openvpn-ui log:
Notice
------
Private-Key and Public-Certificate-Request files created.
Your files are:
* req: /usr/share/easy-rsa/pki/reqs/Test.req
* key: /usr/share/easy-rsa/pki/private/Test.key
Using Easy-RSA 'vars' configuration:
* /usr/share/easy-rsa/pki/vars
Using SSL:
* openssl OpenSSL 3.3.1 4 Jun 2024 (Library: OpenSSL 3.3.1 4 Jun 2024)
Using configuration from /usr/share/easy-rsa/pki/openssl-easyrsa.cnf
Enter pass phrase for /usr/share/easy-rsa/pki/private/ca.key:
Could not find CA private key from /usr/share/easy-rsa/pki/private/ca.key
28AB4E5A657F0000:error:1400006B:UI routines:UI_process:processing error:crypto/ui/ui_lib.c:528:while reading strings
28AB4E5A657F0000:error:07880028:common libcrypto routines:do_ui_passphrase:UI lib:crypto/passphrase.c:181:
28AB4E5A657F0000:error:04800068:PEM routines:PEM_do_header:bad password read:crypto/pem/pem_lib.c:445:
Easy-RSA error:
easyrsa_openssl - Command has failed:
* openssl ca -utf8 -batch -in /usr/share/easy-rsa/pki/reqs/Test.req -out /usr/share/easy-rsa/pki/79c560fd/temp.3.1 -extfile /usr/share/easy-rsa/pki/79c560fd/temp.2.1 -days 3650
EasyRSA Version Information
Version: ~VER~
Generated: ~DATE~
SSL Lib: OpenSSL 3.3.1 4 Jun 2024 (Library: OpenSSL 3.3.1 4 Jun 2024)
Git Commit: ~GITHEAD~
Source Repo: https://github.com/OpenVPN/easy-rsa
Host: dev | nix | Linux | undefined
2024/08/27 08:39:33.085 [E] [certificates.go:213] exit status 1
2024/08/27 08:39:33.085 [E] [certificates.go:144] exit status 1
I am running the latest openvpn (d3vilh/openvpn-server:0.5.4) and openvpn-ui (d3vilh/openvpn-ui:0.9.5.5) Docker Images.
It would be great to have support of CA.key passphrases through the Web ui.
Hello @d3vilh
first of all, thank you for the great project!
I have tried to use openvpn-ui on an existing openvpn setup and could view certificates and openvpn server basic stats through the Web UI. However I am not able to create new certificates, neither renew the existing ones, since in my setup the ca.key is protected by a passphrase.
When I try creating a new certificate via the Web interface I get the following in the openvpn-ui log:
I am running the latest openvpn (d3vilh/openvpn-server:0.5.4) and openvpn-ui (d3vilh/openvpn-ui:0.9.5.5) Docker Images.
It would be great to have support of CA.key passphrases through the Web ui.