What's the use of challenge password in build-key-server and build-key from Easy-RSA?
All the OpenVPN/Easy-RSA tutorials that I've found, advise to setting an empty challenge password while building the key for the OpenVPN server.
Anybody knows why? What's the intended use for the challenge password in Easy-RSA server's keys?
And what about client's keys? I see that a
build-key-passexists to generate encrypted client keys, but no server equivalent exists. Still, both
build-key-passask for a challenge password.
"Challenge password" is an obscure and usually useless feature. -> Leave empty.
If your CA allows this, then the
Challenge Passwordwill be required of anyone who tries to get the cert revoked. -- But from what I understand there are few (or none?) CAs that actually use this. (Please leave a comment if you know otherwise.) So leave it empty if you're unsure.
What's the intended use of a "Challenge Password"?
As far as I understand it the idea is this:
If you have a rogue admin who has access to the cert and key then that admin could revoke the cert and DOS you.
But if you have a CA that will challenge the rogue admin to supply the "Challenge Password", then the rogue admin may not have that password and then you're safe from that DOS.
(The CP is NOT included in either cert or key. Only in the CSR. And you don't need the CSR for daily operations, so presumably operations personnel might not come into contact with the CSR file and therefore not know the Challenge Password.) (But bear in mind that you still have to worry about a rogue admin who has your cert/key. A lot. So from my understanding you gain exactly nothing from having a "challenge password" in the first place. -- Correct me if I'm wrong. I've got the feeling I'm missing some essential idea here. -- Maybe this is meant to allow revocation by somebody holding just the certificate and the password but NOT the private key.)
The (too short) official definition is here: RFC 2985: PKCS #9: Selected Object Classes and Attribute Types Version 2.0, Section 5.4.1: Challenge password
The question comes up regularly:
- Randall Perry, "OpenSSL-Users" mailing list, 2014-05-22, Re: CSR challenge password: What's the point?
There is no such thing as rogue admin. You may have a limited trust but you have trust nontheless. CSR challenge has plenty of use cases in very specific situations. If you dispose of CSR properly it can be treated as a secret (I know it is plaintext in the CSR, that is not the point). If you use a split secret scenario you may build an environment where revocation is only possible upon agreement of both user and issuer of the certificate. Issuer types in half of the password and the requester types in the half, then trusted 3rd party takes care of the CSR handling.