Feature #4068

CAs present on CERT manager are not trusted from pfSense

Added by Ermal Lu├ži almost 6 years ago. Updated 10 months ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:


Normally the CAs imported/generated on the CERT manager of pfSense should be trusted to help avoid issues with cert validations in the code.

To be discussed if this should be an option on the CA section of cert manager or should be done by default.

Associated revisions

Revision 7daab3d8 (diff)
Added by Jim Pingle 11 months ago

Add option to trust local CA entries. Implements #4068

Similar to closed PR #3558 from overhacked, but with a number of

Revision 8d4663c1 (diff)
Added by Jim Pingle 11 months ago

Also refresh trust store when renewing. Issue #4068

Revision 348c2af1 (diff)
Added by Jim Pingle 10 months ago

Restructure OpenVPN settings directory layout

  • Changed from /var/etc/openvpn[-csc]/<mode><id>.<file> to
  • This keeps all settings for each client and server in a clean
  • Move to CApath style CA structure for OpenVPN, which implements #9915
  • Reused some code from trust store functions to generate the new CApath
    format, since the layout is identical. Issue #4068


#1 Updated by Chris Buechler almost 6 years ago

  • Status changed from New to Confirmed
  • Affected Version set to All

#2 Updated by Ross Williams over 3 years ago

Just submitted a pull request to resolve this issue:

Working now on requested changes.

#3 Updated by Jim Pingle 11 months ago

  • Tracker changed from Bug to Feature
  • Status changed from Confirmed to In Progress
  • Assignee set to Jim Pingle
  • Target version set to 2.5.0
  • Affected Version deleted (All)

#4 Updated by Jim Pingle 11 months ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100

#5 Updated by Viktor Gurov 10 months ago

tested on pfSense 2.5.0.a.20191219.1908

works, Resolved

#6 Updated by Jim Pingle 10 months ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF