Bug #16736
closed
Openvpn client export fails to show 'exportable' clients when server uses a different CA for "Peer Certificate Authority"
0%
Description
Openvpn client export fails to show 'exportable' clients
I use a different peer authority for authentication (Windows CA for smartcard authentication). The clients used to show up in versions prior to 1.9.8, although I can't say for sure which version.
The text at the bottom of the export says:
"If a client is missing from the list it is likely due to a CA mismatch between the OpenVPN server instance and the client certificate"
This is the problem. It needs to look at the CA in the "Peer Certificate Authority" instead of the CA used to create the server certificate.
Updated by Jim Pingle 9 days ago
- Status changed from New to Rejected
It does use the "Peer Certificate Authority" to list client certificates. Nothing has changed in the package with how it handles that in recent years.
I can select a different server certificate from another CA and the clients listed are the same as when the server cert CA matches.
There must be something else different about your environment, but this site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the Netgate Forum .
See Reporting Issues with pfSense Software for more information.