Correction #15696

closed

IKEv2 ACME certificate usage

Added by Alex Kolesnik 3 months ago. Updated 3 months ago.

Status: Closed
Priority: Normal
Assignee:
Category: IPsec
Target version: -
Start date:
Due date:
% Done: 100%
Estimated time:

Description

https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-mobile-ikev2-eap-mschapv2.html#ipsec-ikev2-p1 states:
A certificate created by the ACME package will be natively trusted by many clients and can be used in place of a manually created private CA and server certificate.

This does not work for Windows (at least for Windows 10 version 10.0.19045.4780). I believe it's b/c the LetsEncrypt certificate misses a certain key usage. Compare:
EKU: TLS Web Server Authentication, TLS Web Client Authentication, IP Security IKE Intermediate (internal certificate)
EKU: TLS Web Server Authentication, TLS Web Client Authentication (LE certificate obtained by ACME package)
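
The EKU comparison in the description, as an added example that is not part of the original report or of pfSense: it decodes the DER value of an extendedKeyUsage extension and lists the purposes one certificate carries that another lacks. The two byte strings are constructed to match the EKU lists quoted above, and the function names are hypothetical.

```python
EKU_NAMES = {
    "1.3.6.1.5.5.7.3.1": "TLS Web Server Authentication",
    "1.3.6.1.5.5.7.3.2": "TLS Web Client Authentication",
    "1.3.6.1.5.5.8.2.2": "IP Security IKE Intermediate",
}
# Constructed samples matching the two EKU lists in the report, not real certificates.
INTERNAL_EKU = bytes.fromhex(
    "301e06082b0601050507030106082b0601050507030206082b06010505080202")
ACME_EKU = bytes.fromhex("301406082b0601050507030106082b06010505070302")

def read_tlv(buf, pos):
    # Return (tag, value, next_pos); short-form lengths only (values < 128 bytes).
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated header or long-form length")
    tag, length = buf[pos], buf[pos + 1]
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos + 2:end], end

def decode_oid(body):
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    # The first subidentifier packs the first two arcs.
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def eku_oids(der):
    # Purpose OIDs in a DER-encoded EKU value (SEQUENCE OF OBJECT IDENTIFIER).
    tag, seq, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("EKU value is not a single SEQUENCE")
    oids, pos = [], 0
    while pos < len(seq):
        tag, body, pos = read_tlv(seq, pos)
        if tag != 0x06:
            raise ValueError("EKU entry is not an OBJECT IDENTIFIER")
        oids.append(decode_oid(body))
    return oids

def missing_purposes(reference, candidate):
    # Names of EKU purposes present in reference but absent from candidate.
    have = set(eku_oids(candidate))
    return [EKU_NAMES.get(o, o) for o in eku_oids(reference) if o not in have]
```

`missing_purposes(INTERNAL_EKU, ACME_EKU)` returns the single purpose that differs between the two lists in the report.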
