Feature #4068
CAs present on CERT manager are not trusted from pfSense
Start date:
12/03/2014
Due date:
% Done:
100%
Estimated time:
Description
Normally the CAs imported/generated on the CERT manager of pfSense should be trusted to help avoid issues with cert validations in the code.
To be discussed if this should be an option on the CA section of cert manager or should be done by default.
Associated revisions
Also refresh trust store when renewing. Issue #4068
Restructure OpenVPN settings directory layout
- Changed from /var/etc/openvpn[-csc]/<mode><id>.<file> to
/var/etc/openvpn/<mode><id>/<x> - This keeps all settings for each client and server in a clean
structure - Move to CApath style CA structure for OpenVPN, which implements #9915
- Reused some code from trust store functions to generate the new CApath
format, since the layout is identical. Issue #4068
History
#1
Updated by Chris Buechler about 5 years ago
Updated by - Status changed from New to Confirmed
- Affected Version set to All
#2
Updated by Ross Williams almost 3 years ago
Updated by Just submitted a pull request to resolve this issue:
https://github.com/pfsense/pfsense/pull/3558
Working now on requested changes.
#3
Updated by Jim Pingle 4 months ago
Updated by - Tracker changed from Bug to Feature
- Status changed from Confirmed to In Progress
- Assignee set to Jim Pingle
- Target version set to 2.5.0
- Affected Version deleted (
All)
#4
Updated by Jim Pingle 4 months ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
Applied in changeset 7daab3d8dc4cc045db22925cccbde22c23083c03.
#5
Updated by Viktor Gurov 2 months ago
Updated by tested on pfSense 2.5.0.a.20191219.1908
works, Resolved
#6
Updated by Jim Pingle 2 months ago
- Status changed from Feedback to Resolved
Add option to trust local CA entries. Implements #4068
Similar to closed PR #3558 from overhacked, but with a number of
changes.