Project

General

Profile

Feature #4068

CAs present on CERT manager are not trusted from pfSense

Added by Ermal Lu├ži almost 6 years ago. Updated 10 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Certificates
Target version:
Start date:
12/03/2014
Due date:
% Done:

100%

Estimated time:

Description

Normally the CAs imported/generated on the CERT manager of pfSense should be trusted to help avoid issues with cert validations in the code.

To be discussed if this should be an option on the CA section of cert manager or should be done by default.

Associated revisions

Revision 7daab3d8 (diff)
Added by Jim Pingle 11 months ago

Add option to trust local CA entries. Implements #4068

Similar to closed PR #3558 from overhacked, but with a number of
changes.

Revision 8d4663c1 (diff)
Added by Jim Pingle 11 months ago

Also refresh trust store when renewing. Issue #4068

Revision 348c2af1 (diff)
Added by Jim Pingle 10 months ago

Restructure OpenVPN settings directory layout

  • Changed from /var/etc/openvpn[-csc]/<mode><id>.<file> to
    /var/etc/openvpn/<mode><id>/<x>
  • This keeps all settings for each client and server in a clean
    structure
  • Move to CApath style CA structure for OpenVPN, which implements #9915
  • Reused some code from trust store functions to generate the new CApath
    format, since the layout is identical. Issue #4068

History

#1 Updated by Chris Buechler almost 6 years ago

  • Status changed from New to Confirmed
  • Affected Version set to All

#2 Updated by Ross Williams over 3 years ago

Just submitted a pull request to resolve this issue:
https://github.com/pfsense/pfsense/pull/3558

Working now on requested changes.

#3 Updated by Jim Pingle 11 months ago

  • Tracker changed from Bug to Feature
  • Status changed from Confirmed to In Progress
  • Assignee set to Jim Pingle
  • Target version set to 2.5.0
  • Affected Version deleted (All)

#4 Updated by Jim Pingle 11 months ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100

#5 Updated by Viktor Gurov 10 months ago

tested on pfSense 2.5.0.a.20191219.1908

works, Resolved

#6 Updated by Jim Pingle 10 months ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF