Project

General

Profile

Actions

Bug #4934

closed

OpenVPN Client Export Doesn't Include Full CA Chain

Added by Kyle Johnston over 8 years ago. Updated over 8 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
OpenVPN Client Export
Target version:
-
Start date:
08/14/2015
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
All
Affected Plus Version:
Affected Architecture:

Description

When exporting an OpenVPN configuration, only the CA immediately above the server's certificate is included. If that is an intermediate CA, then the client is then unable to verify the server's certificate and the connection fails.

I suggest that it should instead export a .crt file with the entire certificate chain back to the root CA, returning an error if it doesn't have the entire CA chain in it's database.

(In my situation, I have a company CA, used to sign an intermediate CA for pfSense, which is used to sign the OpenVPN server certificate.)

Related: #4756

Actions #2

Updated by Chris Buechler over 8 years ago

  • Affected Version changed from 2.2.x to All
Actions #3

Updated by Phillip Davis over 8 years ago

The pull request that was finally merged was https://github.com/pfsense/pfsense-packages/pull/1029
Is that all there is to do hear? Should this be marked resolved?

Actions #4

Updated by Kyle Johnston over 8 years ago

Is that all there is to do hear? Should this be marked resolved?

Yes.

Actions #5

Updated by Chris Buechler over 8 years ago

  • Status changed from New to Resolved

thanks

Actions

Also available in: Atom PDF