Feature #2147
closed
Cert Manager - additional download button for .p12
Added by Alexander Wilke almost 13 years ago.
Updated over 12 years ago.
Description
Cert Manager in pfsense allows to download the .crt and .key file of CA and certificates. But on windows clients we need to have a .p12 file to import cert and key. This is realized in OpenVPN Export utility for example (configuration archive).
It would even make sense for other situations. So I could need it for freeradius2 package to export client certs for EAP-TLS.
The GUI uses PHP's built-in OpenSSL commands, and the Client Export package uses shell commands.
The PHP version of the pkcs12 export function doesn't have a way to include the CA from what I can see (http://php.net/manual/en/function.openssl-pkcs12-export.php) and adapting the shell command method from the client export package would be somewhat involved the way it was designed. Possible, but not as easy as I was hoping it would be.
No need to include the CA.crt into pkcs12 (cert.crt + cert.key).
Just make a pkcs12 from the corresponding .crt and .key. (certificates tab)
So as far as I can see that manual should do what we want.
The problem on Windows is that there is no way (as far as I know) to import just the plain .key file. That's why we need the pkcs12 which includes .key + .crt
I hope I do not write too confuse ;-)
No that's fine, and that would work, but since you mentioned the client export package .p12 that's why I made the other notes. It wouldn't be consistent, but it may be acceptable.
- Status changed from New to Feedback
- % Done changed from 0 to 100
- Status changed from Feedback to Resolved
Also available in: Atom
PDF
Updated by 
Updated by