Bug #3154

closed

pfSense should not require users' private keys to be uploaded to generate certificates.

Added by N. CANIART about 12 years ago. Updated about 12 years ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 08/21/2013
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

Hi,

In the certificate manager, the UI used to import existing certificates requires that you provide both the certificate and the private key. The only reason for that is, I guess, to allow the generation of the .zip or .exe to ease OpenVPN setup on client machines.

I would rather assume that, if one has chosen to import certificates, one has other facilities to do this, or has chosen not to use this kind of tool. Could (or should) this field not be made optional? And then, I guess, the easy set-up tools should be disabled if no private key is available for a user.

By the way, this feels very insecure to me, as a breach in pfSense may allow an attacker to impersonate any user whose certificates are found there. Indeed, both pieces of any user's credentials can be retrieved from the pfSense machine. And since pfSense is a firewall/router distribution, it is likely to be the first machine an attacker may hit on a network.

In general, would it not be more sane to advise users not to upload private keys to the pfSense box? Compromising security in favor of "ease of use" that way feels really strange.

Regards,
Nicolas.
