User Certificate creation issue
-
Hi guys,
I am running pfSense version 2.7.2-RELEASE (amd64), and I have been experiencing issues since the last update. When creating a new user, I usually check the "create certificate" option for OpenVPN access. However, when I navigate to System / Certificates / Certificates, the user certificate lacks details such as CN, OU, O, L, Valid from, and Valid To.
Additionally, when attempting to export the certificate, it shows a length of 0, indicating that the new user certificates are not being created correctly. I am unable to generate an OpenVPN configuration using the client export tool, and I receive the following error message:
"A private key cannot be empty if PKCS#11 or Microsoft Certificate Store is not used.
Failed to export config files."
Everything was working fine before the upgrade. Any advice on what might be wrong?
Certificate list looks like - image
Thank you.
-
I can't replicate that here. When I choose the option to create a user certificate, the certificate is created as expected.
Are there any errors in the system log or on the dashboard after that fails?
It could be an issue with the CA you are choosing; if somehow it isn't valid for signing, it may not be successful in that step.
-
Hi, sorry for the late reply. My customer asked me to fix this pending issue, and I have a headache from it.
I have tried to generate a new CA and create user certificates using the new CA, but the issue persists. The user certificate is still empty when I check "Create user certificate" during the user creation request.
When I try to generate the certificate manually, an error is displayed: OpenSSL Library Error: error:0480006C routines::no start line
Which log do I have to check?
-
It really looks like there is an issue with the pfSense GUI. I exported ca.crt and ca.key to the local filesystem. Then I used the openssl command in the SSH console to generate user.crt and user.key signed with the exported ca.crt.
The next step was to create a user with certificates (but the certificate manager generates an empty certificate and key). Go to the certificate manager, edit the existing empty certificate and key, and copy the data from the .crt and .key files on the filesystem.
Everything works fine, including OpenVPN. So I don't know what could be causing the issue in the GUI...
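
The workaround described in the last post, sketched as an added example (these are not the poster's commands and not pfSense code): sign a user certificate with an exported CA using openssl, then check that the result is non-empty PEM, chains to the CA and matches its key before pasting it into the certificate manager. The throwaway CA from `make_demo_ca`, the function names and the user name `vpnuser1` are assumptions standing in for the exported ca.crt and ca.key.

```shell
#!/bin/sh
# Added example: a throwaway CA and constructed names, not values from the thread.

# True when a file is non-empty and has a PEM "-----BEGIN ...-----" line. An empty
# certificate or key fails here, the case OpenSSL reports as "no start line".
has_pem_start() {
    [ -s "$1" ] && grep -q -e '^-----BEGIN [A-Z ]*-----$' "$1"
}

# Stand-in for the CA exported from the firewall: writes ca.crt and ca.key into $1.
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Create key + CSR for CN=$2 in $1 and sign it with $1/ca.crt and $1/ca.key.
issue_user_cert() {
    dir=$1; cn=$2
    has_pem_start "$dir/ca.crt" && has_pem_start "$dir/ca.key" || return 2
    printf 'keyUsage=digitalSignature\nextendedKeyUsage=clientAuth\n' > "$dir/client.ext"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
        -keyout "$dir/$cn.key" -out "$dir/$cn.csr" 2>/dev/null || return 3
    openssl x509 -req -in "$dir/$cn.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 365 -sha256 -extfile "$dir/client.ext" \
        -out "$dir/$cn.crt" 2>/dev/null || return 4
}

# Checks worth running before pasting the pair into the certificate manager:
# 1 = empty/non-PEM file, 2 = does not chain to the CA, 3 = key does not match.
check_user_cert() {
    dir=$1; cn=$2
    has_pem_start "$dir/$cn.crt" && has_pem_start "$dir/$cn.key" || return 1
    openssl verify -purpose sslclient -CAfile "$dir/ca.crt" "$dir/$cn.crt" \
        >/dev/null 2>&1 || return 2
    [ "$(openssl x509 -in "$dir/$cn.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$dir/$cn.key" -pubout 2>/dev/null)" ] || return 3
}

work=$(mktemp -d)
make_demo_ca "$work" && issue_user_cert "$work" vpnuser1 \
    && check_user_cert "$work" vpnuser1 \
    && openssl x509 -in "$work/vpnuser1.crt" -noout -subject -dates
rm -rf "$work"
```

The final `openssl x509 -noout -subject -dates` prints the subject and validity fields that were blank in the GUI listing, which is a quick way to confirm the certificate is populated.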