Feature #2147

Cert Manager - additional download button for .p12

Added by Alexander Wilke about 2 years ago. Updated almost 2 years ago.

Status:Resolved Start date:01/28/2012
Priority:Normal Due date:
Assignee:- % Done:

100%

Category:Certificates
Target version:-
Affected version: Affected Architecture:

Description

Cert Manager in pfsense allows to download the .crt and .key file of CA and certificates. But on windows clients we need to have a .p12 file to import cert and key. This is realized in OpenVPN Export utility for example (configuration archive).

It would even make sense for other situations. So I could need it for freeradius2 package to export client certs for EAP-TLS.

Associated revisions

Revision be065c25
Added by Jim P about 2 years ago

Add button to download a .p12 of a cert+key. Implements #2147

Revision eaf23c17
Added by Jim P about 2 years ago

Add button to download a .p12 of a cert+key. Implements #2147

Revision eed5b507
Added by Jim P 7 months ago

Include CA in generated .p12 file. Fixes #2147 the way it was originally intended.

History

#1 Updated by Jim P about 2 years ago

The GUI uses PHP's built-in OpenSSL commands, and the Client Export package uses shell commands.

The PHP version of the pkcs12 export function doesn't have a way to include the CA from what I can see (http://php.net/manual/en/function.openssl-pkcs12-export.php) and adapting the shell command method from the client export package would be somewhat involved the way it was designed. Possible, but not as easy as I was hoping it would be.

#2 Updated by Alexander Wilke about 2 years ago

No need to include the CA.crt into pkcs12 (cert.crt + cert.key).

Just make a pkcs12 from the corresponding .crt and .key. (certificates tab)
So as far as I can see that manual should do what we want.

The problem on Windows is that there is no way (as far as I know) to import just the plain .key file. That's why we need the pkcs12 which includes .key + .crt

I hope I do not write too confuse ;-)

#3 Updated by Jim P about 2 years ago

No that's fine, and that would work, but since you mentioned the client export package .p12 that's why I made the other notes. It wouldn't be consistent, but it may be acceptable.

#4 Updated by Jim P about 2 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#5 Updated by Jim P almost 2 years ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF