Bug #5317

closed

CSR signed certificates shows issuer as external

Added by Mathias Andersson about 9 years ago. Updated over 7 years ago.

Status:
Not a Bug
Priority:
Normal
Assignee:
-
Category:
Certificates
Target version:
-
Start date:
10/18/2015
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:

Description

Doing the following steps:

  1. Creating an external CA.
  2. Adding that CA's cert to pfSense.
  3. Creating a certificate signing request in pfSense.
  4. Signing the request using the CA.
  5. Adding the signed cert to pfSense.

The issuer is now shown as external for the signed cert in the cert manager.

This becomes a problem if using these certs for OpenVPN. Either as server or user cert.
When trying to export the client configuration using the "OpenVPN Client Export Utility" it fails to find the CA correctly.

Yes, this could be considered a bug with the "OpenVPN Client Export Utility" package.
But I feel that, given that pfSense has the CA that signed the cert, it should be able to correctly show it as issuer.

I did some searching in the issue tracker and found bug #5313 which is similar to this.

Actions #1

Updated by Pascal Mages over 8 years ago

I can confirm that this bug is still present in pfSense 2.3.

Actions #2

Updated by Pascal Mages over 8 years ago

I did some further research with my pfSense boxes. When the external CA is added after the locally generated CSRs are signed and uploaded, the issuer gets recognized correctly.

Actions #3

Updated by Andrew M about 8 years ago

Seeing this as well, quite problematic for VPN usage. pfSense 2.3.2-RELEASE-p1.

Actions #4

Updated by Jim Pingle over 7 years ago

  • Status changed from New to Not a Bug

Import the CA cert (cert only), any intermediate CA certs, and the signed cert. It will pick up the issuer correctly if it can find it.

If it can't find the issuer, then you didn't import something properly, or the bug was fixed already. It works fine, now.
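
A way to confirm, before importing, that a signed certificate really chains to the CA certificate you are about to import (an added example, not part of the original thread and not pfSense's own matching logic). It replays steps 1, 3 and 4 of the report with throwaway files; the subjects, file names and the helper functions `new_ca`, `make_lab`, `issuer_matches` and `report` are all constructed for illustration.

```shell
#!/bin/sh
# Added example. All names, subjects and files below are constructed lab data.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# new_ca NAME CN: create a throwaway self-signed CA (NAME.key / NAME.crt).
new_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# make_lab: replay steps 1, 3 and 4 of the report with local files.
make_lab() {
    new_ca ca "Example External CA"        # step 1: the external CA
    new_ca other "Unrelated CA"            # a CA that did not sign the CSR
    # step 3: key and CSR (pfSense would generate these in the cert manager)
    openssl req -newkey rsa:2048 -nodes -subj "/CN=vpn.example.test" \
        -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null
    # step 4: the external CA signs the request
    openssl x509 -req -in "$WORK/srv.csr" -days 30 -CAcreateserial \
        -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -out "$WORK/srv.crt" 2>/dev/null
}

# issuer_matches CA_CERT CERT: succeeds only when CERT's issuer name is
# CA_CERT's subject name and CERT's signature verifies under CA_CERT.
issuer_matches() {
    ca_subject=$(openssl x509 -in "$1" -noout -subject_hash)
    cert_issuer=$(openssl x509 -in "$2" -noout -issuer_hash)
    [ "$ca_subject" = "$cert_issuer" ] || return 1
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# report CA_CERT CERT: print the verdict for one pair.
report() {
    if issuer_matches "$1" "$2"; then
        echo "OK: $(basename "$2") was issued by $(basename "$1")"
    else
        echo "MISMATCH: $(basename "$2") was not issued by $(basename "$1")"
    fi
}

make_lab
report "$WORK/ca.crt" "$WORK/srv.crt"
report "$WORK/other.crt" "$WORK/srv.crt"
```

When intermediate CAs are involved, run the check against the certificate's direct issuer, since that is the certificate whose subject the issuer field names.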
