Cert Manager - additional download button for .p12
|Affected version:||Affected Architecture:|
Cert Manager in pfsense allows to download the .crt and .key file of CA and certificates. But on windows clients we need to have a .p12 file to import cert and key. This is realized in OpenVPN Export utility for example (configuration archive).
It would even make sense for other situations. So I could need it for freeradius2 package to export client certs for EAP-TLS.
#1 Updated by Jim P about 3 years ago
The GUI uses PHP's built-in OpenSSL commands, and the Client Export package uses shell commands.
The PHP version of the pkcs12 export function doesn't have a way to include the CA from what I can see (http://php.net/manual/en/function.openssl-pkcs12-export.php) and adapting the shell command method from the client export package would be somewhat involved the way it was designed. Possible, but not as easy as I was hoping it would be.
#2 Updated by Alexander Wilke about 3 years ago
No need to include the CA.crt into pkcs12 (cert.crt + cert.key).
Just make a pkcs12 from the corresponding .crt and .key. (certificates tab)
So as far as I can see that manual should do what we want.
The problem on Windows is that there is no way (as far as I know) to import just the plain .key file. That's why we need the pkcs12 which includes .key + .crt
I hope I do not write too confuse ;-)
#3 Updated by Jim P about 3 years ago
No that's fine, and that would work, but since you mentioned the client export package .p12 that's why I made the other notes. It wouldn't be consistent, but it may be acceptable.
#4 Updated by Jim P about 3 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset eaf23c171704362fdf3d7e27200ffdf540642c20.