Feature #15059
closedopenvpn server ed25519 certificate
0%
Description
OpenVPN server web-page will not list in the drop-down for Server certificates, a properly imported certificate, if the signing algorithm is Ed25519 .
The certificate is signed by an external CA, which is also properly imported in PfSense.
Looking at certs.inc, cert_check_pkey_compatibility function does some filtering which excludes Ed25519, however the Ed25519 Server Certificate was imported when the test pfsense system was at 2.7.0 and with that version, the OpenVPN server configuration web-page did list the Ed25519 certificates in the Server Certificate drop-down,
I was able to start the OpenVPN server again, by manually modifying /conf/config.xml and setting the OpenVPN server cert ref to the Ed25519 cert hash (no surprise - the GUI will not recognize the value).
Related issues