Change password in OpenVPN configuration file

openvpn

I use OpenVPN via command line:

openvpn --config acme.ovpn

with the config file user-locked to my username.

Is there a way to change the password that protects the private key in the config file?

Best Answer

If the key is in its own file, decrypt and re-encrypt it with a new passphrase:

$ openssl rsa -aes256 -in acme.key -out acme.key.new
$ openssl rsa -in acme.key.new -check
$ mv acme.key.new acme.key

With the first command, you'll be prompted for the old passphrase once, and a new passphrase twice. The second command isn't necessary, but is an additional sanity check that your new passphrase works with the new key file before you overwrite the original.

If your openvpn config is in the newer unified style, use your favorite editor to copy the key (including the -----BEGIN ... and -----END ... lines) from the config file into a separate file; change the passphrase as above; then copy the key back into the configuration file.

Related Question