Feature #2147


Cert Manager - additional download button for .p12

Added by Alexander Wilke over 9 years ago. Updated about 9 years ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:
Plus Target Version:
Release Notes:


Cert Manager in pfsense allows to download the .crt and .key file of CA and certificates. But on windows clients we need to have a .p12 file to import cert and key. This is realized in OpenVPN Export utility for example (configuration archive).

It would even make sense for other situations. So I could need it for freeradius2 package to export client certs for EAP-TLS.

Actions #1

Updated by Jim Pingle over 9 years ago

The GUI uses PHP's built-in OpenSSL commands, and the Client Export package uses shell commands.

The PHP version of the pkcs12 export function doesn't have a way to include the CA from what I can see ( and adapting the shell command method from the client export package would be somewhat involved the way it was designed. Possible, but not as easy as I was hoping it would be.

Actions #2

Updated by Alexander Wilke over 9 years ago

No need to include the CA.crt into pkcs12 (cert.crt + cert.key).

Just make a pkcs12 from the corresponding .crt and .key. (certificates tab)
So as far as I can see that manual should do what we want.

The problem on Windows is that there is no way (as far as I know) to import just the plain .key file. That's why we need the pkcs12 which includes .key + .crt

I hope I do not write too confuse ;-)

Actions #3

Updated by Jim Pingle over 9 years ago

No that's fine, and that would work, but since you mentioned the client export package .p12 that's why I made the other notes. It wouldn't be consistent, but it may be acceptable.

Actions #4

Updated by Jim Pingle over 9 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #5

Updated by Jim Pingle about 9 years ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF