Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Certificate Manager -> CA

    Scheduled Pinned Locked Moved
    2.0-RC Snapshot Feedback and Problems - RETIRED
    2
    5
    5.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Stef
      last edited by

      Hi

      When I've installed both a CA and then installed a certificate from the same CA, the CA is correctly marked as external, however when I add a certificate of the same CA, the count stays 0, I don't know if that's normal / intended ?

      If I add the certificate with –public Key-- root CA / --public key--cert / -- private key, the certificate works fine for the admin console.
      However when I look at the Distinguished Name, doesn't correspond with the root CA also inserted.
      When I insert a certificate --public key--cert / -- private key i can't make the certificate to work for the admin console, the box becomes unresponding. However the Distinguished Name does correspond with the root certificate.

      What would be normal behaviour for this ?

      When I do use internal certificates that's not an issue...

      1 Reply Last reply Reply Quote 0
      • M
        mgrooms
        last edited by

        CA certificates that are generated by pfSense can be internally managed. Everything else is externally managed. If a CA and certificate singed by that CA are both created inside pfSense, a correlation would be shown in the Certificate Manager. If an administrator imports both a CA and a Certificate signed by that CA, there will be no correlation shown.

        Do you mean that you can't use an imported certificate when the webconfigurator is switch to https mode?

        1 Reply Last reply Reply Quote 0
        • S
          Stef
          last edited by

          The imported certificate works as long as I include it the following way:

          –---BEGIN CERTIFICATE-----
          Root CA
          -----END CERTIFICATE-----
          -----BEGIN CERTIFICATE-----
          Pf Sense Certificate
          -----END CERTIFICATE-----

          -----BEGIN RSA PRIVATE KEY-----
          Pf Sense  Certificate
          -----END RSA PRIVATE KEY-----

          If i don't add the public key Root CA the webconfigurator https mode is not working.

          However for the moment this works the same way as the way it did in 1.2

          If there is no correlation between an external root CA and an external certificate, is there any point in being able to import an external root CA then ? or am I missing something ?

          1 Reply Last reply Reply Quote 0
          • M
            mgrooms
            last edited by

            Yeah. The CA can be used to verify certificates presented by a remote host for different services. A few examples of this would be OpenVPN and IPsec ( although the latter has yet to be converted ).

            As for your issue, I don't have any idea why pasting the CA along with the Cert should have any effect on the web server working correctly. You shouldn't even be able to do that. Are you sure the private key you are pasting in is the private key for the certificate and not the private key for the CA?

            1 Reply Last reply Reply Quote 0
            • S
              Stef
              last edited by

              yea I'm shure it's the private key certificate from the certificate and not from the root CA. The root ca is microsoft Certification server and I don't have that private key.

              Well hope you guys solve this issue, keep up the good work.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.