Project

General

Profile

Actions

Bug #12475

open

OpenVPN Client Export does not show certificate without private key

Added by Denis Grilli about 1 month ago. Updated about 1 month ago.

Status:
Pull Request Review
Priority:
Normal
Assignee:
Category:
OpenVPN Client Export
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:
All

Description

When using the page https://<server>/vpn_openvpn_export.php to export an openvpn client config package only certificates with private key get shown in the list.

This is correct unless we want to use either the option "Use Microsoft Certificate Storage instead of local files." or "Use PKCS#11 storage device (cryptographic token, HSM, smart card) instead of local files." in which case is very likely that the certificate we have issued doesn't store the private key in the pfsense box. In fact we normally have the end user to create a .csr ( and store the private key in a smartcard) and issue the certificate using it.

I believe the reason for that is in the change has been made while ago to the src/etc/certs.inc file and the cert_build_list function that now doesn't add certificates without private key to the list.

When the "consumer" is "OPENVPN" the cert_build_list should add certificate without private key too or the openvpn_client_export package should use its own function to create the list of certificate compatible based on the option chosen to make the export.

Actions #1

Updated by Jim Pingle about 1 month ago

  • Project changed from pfSense to pfSense Packages
  • Subject changed from openvpn_client_export doesn't show certificate without private key to OpenVPN Client Export does not show certificate without private key
  • Category changed from OpenVPN to OpenVPN Client Export
  • Release Notes deleted (Default)
  • Affected Version deleted (2.5.x)
Actions #3

Updated by Jim Pingle about 1 month ago

  • Status changed from New to Pull Request Review
  • Assignee set to Viktor Gurov
Actions

Also available in: Atom PDF