Bug #4934: OpenVPN Client Export Doesn't Include Full CA Chain - pfSense Packages - pfSense bugtracker

Actions

Copy link

Bug #4934

closed

OpenVPN Client Export Doesn't Include Full CA Chain

Added by Kyle Johnston over 9 years ago. Updated about 9 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Category:

OpenVPN Client Export

Target version:

Start date:

08/14/2015

Due date:

% Done:

Estimated time:

Plus Target Version:

Affected Version:

All

Affected Plus Version:

Affected Architecture:

Description

When exporting an OpenVPN configuration, only the CA immediately above the server's certificate is included. If that is an intermediate CA, then the client is then unable to verify the server's certificate and the connection fails.

I suggest that it should instead export a .crt file with the entire certificate chain back to the root CA, returning an error if it doesn't have the entire CA chain in it's database.

(In my situation, I have a company CA, used to sign an intermediate CA for pfSense, which is used to sign the OpenVPN server certificate.)

Related: #4756

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

pfSense » pfSense Packages

Custom queries

Bug #4934

OpenVPN Client Export Doesn't Include Full CA Chain

Updated by Kyle Johnston over 9 years ago

Updated by Chris Buechler about 9 years ago

Updated by Phillip Davis about 9 years ago

Updated by Kyle Johnston about 9 years ago

Updated by Chris Buechler about 9 years ago