I wanted to remove the password protection for a OpenVPN 2 client private key. The solution is to use the ssh-keygen
command. For instance, assuming the key file is client_private_key.key
, we run
ssh-keygen -p -N "" -m pem -f client_private_key.key
The key file will be replaced by the key without the password protection.
Before I figured out this solution for OpenVPN 2, I ran into a problem. That is, I ran the following command instead,
ssh-keygen -p -N "" -f client_private_key.key
where there is no "-m
" option to specify "pem
" as the format of the key file and the key file is in the default PKCS 8
format. Then when I attempted to restart the OpenVPN 2 client, I saw
in the log,
Error: private key password verification failed
The message is misleading in this case because the actual problem is that OpenVPN 2 does not recognize the PKCS 8
format. To correct the problem, we just
need to run the ssh-keygen
again and this time we specify the pem
format as the file format, i.e.,
ssh-keygen -p -N "" -m pem -f client_private_key.key
Of course, in retrospective, I should have had run this command from the beginning with.