Bug #5912

closed

OpenVPN Client Export Utility works only if "peer CA" in the daemon is set to an internal CA

Added by Marco B. over 9 years ago. Updated over 9 years ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 02/19/2016
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version: 2.2.5
Affected Plus Version:
Affected Architecture:

Description

With pfSense 2.2.6 and OpenVPN Client Export Utility 1.3.0, I can't export a client config unless the "peer CA" of the server I wish to export the config from is set to one that has a private key in pfSense.

Consider this scenario:

Offline root CA
 |
 +--> Intermediate CA
       |
       +--> Sub-Intermediate CA
             |
             +--> pfSense CA (with private key)

If I set the "peer CA" in the config to "offline root CA", the OpenVPN daemon will work - it's a self-signed certificate, OpenVPN will only work if it's at the root level - but I can't export the client configuration as it won't show in the utility.
If I set the peer CA in the daemon config to "pfSense CA", it won't work, but it will let me export the client configuration - including the complete certificate chain for the CAs.
I'm sorry if I'm not clear enough; I'll be happy to provide more evidence and sample configs.


Files

client export.png (202 KB), Marco B., 02/19/2016 04:17 PM
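An added example, not part of the original report and not pfSense or OpenVPN code: it uses the `openssl` CLI to build a constructed hierarchy shaped like the one in the description and shows that default path validation rejects a trust store holding only the non-self-signed issuing CA, while the chain up to the root verifies. File names, CNs, key size and lifetimes are assumptions, as is an OpenVPN build linked against OpenSSL.

```shell
#!/usr/bin/env bash
# Constructed demo PKI mirroring the report's hierarchy; file names, CNs,
# key size and lifetimes are assumptions, not values from the ticket.

issue() {  # issue <dir> <name> <parent> <extfile>: sign <name> with <parent>
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.crt" -CAkey "$1/$3.key" \
    -CAcreateserial -days 2 -extfile "$4" -out "$1/$2.crt" 2>/dev/null
}

build_pki() {  # build_pki <dir>: root -> inter -> subint -> pfsense -> client
  local d=$1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\n' > "$d/leaf.ext"
  # Self-signed root, standing in for the offline root CA.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=root" \
    -keyout "$d/root.key" -out "$d/root.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.crt" 2>/dev/null &&
  issue "$d" inter   root    "$d/ca.ext" &&
  issue "$d" subint  inter   "$d/ca.ext" &&
  issue "$d" pfsense subint  "$d/ca.ext" &&
  issue "$d" client  pfsense "$d/leaf.ext" &&
  cat "$d/pfsense.crt" "$d/subint.crt" "$d/inter.crt" "$d/root.crt" > "$d/chain.pem"
}

check() {  # check <dir> <verify args...>: exit status of verifying the client cert
  local d=$1; shift
  openssl verify "$@" "$d/client.crt" >/dev/null 2>&1
}

report() {  # report <label> <dir> <verify args...>: print the outcome of one check
  local label=$1; shift
  if check "$@"; then echo "$label: verifies"; else echo "$label: rejected"; fi
}

demo() {
  local d; d=$(mktemp -d) || return 1
  build_pki "$d" || { rm -rf "$d"; return 1; }
  # Only the issuing CA is trusted: it is not self-signed, so no path reaches a root.
  report "issuing CA only" "$d" -CAfile "$d/pfsense.crt"
  # Every CA up to the self-signed root is trusted.
  report "full chain" "$d" -CAfile "$d/chain.pem"
  # OpenSSL CLI flag that accepts a non-root trust anchor; isolates the cause.
  report "issuing CA, -partial_chain" "$d" -partial_chain -CAfile "$d/pfsense.crt"
  rm -rf "$d"
}

demo
```
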