system_certmanager.php?act=new: Add new select option to sign a CSR
Certificate Manager -> Certificates -> Add New: There would be a new select option 'Sign a Certificate Signing Request'. This would allow the user to paste a CSR, then pick a CA from the pfSense configuration to sign that CSR.
THe signed certificate would be presented on-screen to allow it to be copied to the clipboard, or downloaded to the user's workstation.
#1 Updated by Steve Beaver 3 months ago
- Status changed from New to Feedback
Functionality has been added as requested
#4 Updated by James Snell 3 months ago
The option "Sign a Certificate Signing Request" is now present.
Created a signing request against the local CA.
The request was listed. Selecting it from the list did not import the signing request data or key into the textboxes and it wasn't clear where to obtain the CSR Key in the required format.
I downloaded and copied the text from the requests .key file (which may not be correct) and received an OpenSSL error :-
openssl library returns: error:0906D06C:PEM routines:PEM_read_bio:no start line
Not sure if this is user error on my part or a code issue.
#7 Updated by Steve Beaver 3 months ago
A fix for the Openssl library error is on the way.
Select Method->Sign a Certificate Signing Request
Use the "CSR to sign" control to select an existing CSR, or select "New" to paste in a new one.
If creating a new one:
Paste the PEM formatted CSR into the CSR Data textbox
The Key data field is optional and can be used to associate a private key with the newly signed cert in the pfSense configuration
#11 Updated by Larry Westfall 29 days ago
External generated CSR failed with
The following input errors were detected:
•This signing request does not appear to be valid.
Also there does not seem to be a way to choose between a user and server cert.
Below is the request:
-----BEGIN NEW CERTIFICATE REQUEST-----
-----END NEW CERTIFICATE REQUEST-----