Hi,
On 02/11/20 16:32, Stephen wrote:
Hi everyone, the Easy-RSA forums directed me to this mailing list for
support questions. Hopefully someone here will be able to help me.
I have successfully created an EasyRSA 3 based PKI CA as described in
the standard tutorials on this topic. This currently works with
OpenVPN without issue. The ca.key file I have created for my PKI is
passworded in-line with best practice. Consequently I am prompted for
this password everytime I sign cert requests with the CA. So far so good.
My question is this:
How can I change the password associated with this ca.key file?
The specific scenario I have in mind is when i already know the
existing ca.key password but I want to change the password to
something else? For example if an admin leaves my workplace it is
obviously best practice to change password associated with the CA key.
Is this possible with EasyRSA without recreating my entire CA from
scratch and re-issuing all keys?
find your ca.key file, then run
mv ca.key oldca.key
openssl rsa -in oldca.key -out ca.key -aes256
which will first prompt you for the old password, then ask for the new
one (twice).
HTH,
JJK
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
