Project

General

Profile

Feature #4068

CAs present on CERT manager are not trusted from pfSense

Added by Ermal Lu├ži over 6 years ago. Updated over 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Certificates
Target version:
Start date:
12/03/2014
Due date:
% Done:

100%

Estimated time:
Release Notes:
Default

Description

Normally the CAs imported/generated on the CERT manager of pfSense should be trusted to help avoid issues with cert validations in the code.

To be discussed if this should be an option on the CA section of cert manager or should be done by default.

Associated revisions

Revision 7daab3d8 (diff)
Added by Jim Pingle over 1 year ago

Add option to trust local CA entries. Implements #4068

Similar to closed PR #3558 from overhacked, but with a number of
changes.

Revision 8d4663c1 (diff)
Added by Jim Pingle over 1 year ago

Also refresh trust store when renewing. Issue #4068

Revision 348c2af1 (diff)
Added by Jim Pingle over 1 year ago

Restructure OpenVPN settings directory layout

  • Changed from /var/etc/openvpn[-csc]/<mode><id>.<file> to
    /var/etc/openvpn/<mode><id>/<x>
  • This keeps all settings for each client and server in a clean
    structure
  • Move to CApath style CA structure for OpenVPN, which implements #9915
  • Reused some code from trust store functions to generate the new CApath
    format, since the layout is identical. Issue #4068

History

#1 Updated by Chris Buechler over 6 years ago

  • Status changed from New to Confirmed
  • Affected Version set to All

#2 Updated by Ross Williams about 4 years ago

Just submitted a pull request to resolve this issue:
https://github.com/pfsense/pfsense/pull/3558

Working now on requested changes.

#3 Updated by Jim Pingle over 1 year ago

  • Tracker changed from Bug to Feature
  • Status changed from Confirmed to In Progress
  • Assignee set to Jim Pingle
  • Target version set to 2.5.0
  • Affected Version deleted (All)

#4 Updated by Jim Pingle over 1 year ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100

#5 Updated by Viktor Gurov over 1 year ago

tested on pfSense 2.5.0.a.20191219.1908

works, Resolved

#6 Updated by Jim Pingle over 1 year ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF