Bug #5317
closed
CSR signed certificates shows issuer as external
0%
Description
Doing the following steps
- Creating an external CA.
- Adding that CAs cert to Pfsense.
- Creating a certificate signing request in Pfsense.
- Signing the request using the CA.
- Adding the signed cert to Pfsense.
The issuer is now shown as external for the signed cert in the cert manager.
This becomes a problem if using these certs for OpenVPN. Either as server or user cert.
When trying to export the client configuration using the "OpenVPN Client Export Utility" it fails to find the CA correctly.
Yes this could be considered a bug with the "OpenVPN Client Export Utility" package.
But feel that given that Pfsense has the CA that signed the cert it should be able to correctly show it as issuer.
I did some searching in the issue tracker and found bug #5313 which is similar to this.
Updated by Pascal Mages almost 8 years ago
I can confirm that this bug si still present in pfSense 2.3.
Updated by Pascal Mages almost 8 years ago
I did some further research with my pfSense boxes. When the external CA is added after the locally generated CSRs are signed and uploaded, the issuer gets recognized correctly.
Updated by Andrew M over 7 years ago
Seeing this as well, quite problematic for VPN usage. pfSense 2.3.2-RELEASE-p1.
Updated by Jim Pingle almost 7 years ago
- Status changed from New to Not a Bug
Import the CA cert (cert only), any intermediate CA certs, and the signed cert. It will pick up the issuer correctly if it can find it.
If it can't find the issuer, then you didn't import something properly, or the bug was fixed already. It works fine, now.