Bug #5912
Closed
OpenVPN Client Export Utility works only if "peer CA" in the daemon is set to an internal CA
Description
With pfSense 2.2.6 and OpenVPN Client Export Utility 1.3.0, I can't export a client config unless the "peer CA" of the server I wish to export the config from is set to one that has a private key in pfSense.
Consider this scenario:
Offline
root CA
   +
   |
   +--> Intermediate CA
              +
              |
              +---------> Sub-Intermediate CA
                                  +
                                  |
                                  +----------> pfSense CA
                                               (with private key)
If I set the "peer CA" in the config to "offline root CA", the OpenVPN daemon will work - it's a self-signed certificate, OpenVPN will only work if it's at the root level - but I can't export the client configuration as it won't show in the utility.
If I set in the daemon config the peer CA to "pfSense CA" it won't work but it will let me export the client configuration - including the complete certificate chain for the CAs.
I'm sorry if I'm not clear enough, I'll be happy to provide more evidence and sample configs.
Updated by Jim Pingle over 9 years ago
- Status changed from New to Rejected
I can't replicate this as stated. The current export package does not check for the CA's private key. Perhaps something else along the line isn't matching it properly, but it doesn't look like it has anything to do with the private key. Can you start a forum thread to discuss it in more detail? Then you can open a ticket only once the true issue has been discovered after some diagnosis and discussion on the forum.