Project

General

Profile

Feature #7383

system_certmanager.php?act=new: Add new select option to sign a CSR

Added by Steve Beaver about 2 months ago. Updated about 1 month ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Certificates
Target version:
Start date:
03/13/2017
Due date:
% Done:

0%


Description

Certificate Manager -> Certificates -> Add New: There would be a new select option 'Sign a Certificate Signing Request'. This would allow the user to paste a CSR, then pick a CA from the pfSense configuration to sign that CSR.

THe signed certificate would be presented on-screen to allow it to be copied to the clipboard, or downloaded to the user's workstation.

History

#1 Updated by Steve Beaver about 2 months ago

  • Status changed from New to Feedback

#2 Updated by John Murphy about 2 months ago

Current Base System 2.4.0.b.20170314.0021

Option not displayed in Cert. Manager GUI. Checked CAs, Certificates, and Certificate Revocation. The option doesn't appear in any of the method drop downs.

#3 Updated by Steve Beaver about 2 months ago

Use a build from after the time the change was made. Your build was made at 0021 hrs, the new code was added at 1300 hrs. You should see it in the next snapshot.

#4 Updated by James Snell about 2 months ago

Build 2.4.0.b.20170314.2306

The option "Sign a Certificate Signing Request" is now present.

Created a signing request against the local CA.

The request was listed. Selecting it from the list did not import the signing request data or key into the textboxes and it wasn't clear where to obtain the CSR Key in the required format.

I downloaded and copied the text from the requests .key file (which may not be correct) and received an OpenSSL error :-

openssl library returns: error:0906D06C:PEM routines:PEM_read_bio:no start line

Not sure if this is user error on my part or a code issue.

#5 Updated by John Murphy about 2 months ago

Current Base System 2.4.0.b.20170315.0313

Option not available. What am I missing? Isn't this a later snapshot? Maybe that would be a good feature - the ability to select from the 20 most current snapshots if you're on the development train.

#6 Updated by Jim Pingle about 2 months ago

  • Status changed from Feedback to Assigned

I also get "openssl library returns: error:0906D06C:PEM routines:PEM_read_bio:no start line" when attempting to sign an existing CSR or one pasted in to import.

#7 Updated by Steve Beaver about 2 months ago

A fix for the Openssl library error is on the way.

Select Method->Sign a Certificate Signing Request

Use the "CSR to sign" control to select an existing CSR, or select "New" to paste in a new one.

If creating a new one:
Paste the PEM formatted CSR into the CSR Data textbox
The Key data field is optional and can be used to associate a private key with the newly signed cert in the pfSense configuration

Click "Save"

#8 Updated by Steve Beaver about 1 month ago

  • Status changed from Assigned to Feedback

#9 Updated by James Snell about 1 month ago

Build 2.4.0.b.20170323.1221

I was able to create a signing request and sign it via the UI.

The CSR remained in the certificates list after being signed and I was able to sign it again. If this is correct behaviour then we can close this issue.

#10 Updated by Steve Beaver about 1 month ago

  • Status changed from Feedback to Closed

Also available in: Atom PDF