Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN - Using Root CA and Intermediate CA in certificate chain.

    Scheduled Pinned Locked Moved OpenVPN
    1 Posts 1 Posters 132 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      BioNature
      last edited by

      Hi!

      I had a problem with my OpenVPN configuration which include 2 CA In it. Basically my PKI have 2 CA - Root CA which is allowed for creating other CA(Intermediate), and Intermediate CA which is responsible for creating User Certificates.

      When I try to Export bundle(config and cert) p12 does not include Root CA, which cause error while connecting to server "...cannot validate issuer..." which corresponds to Intermediate CA in p12 file. Creating this certificate by hand using openssl and including Root CA, Intermediate CA, User Certificate nad Private Key gives positive results. If there is possibility that this scenario was never taken into consideration ?

      I'm using External PKI - not certificate panel in pfsense due to security policies in my company.

      For any help to resolve this problem I will be very greatful. People with knowledge about how it was designed and intended to work please also leave some info - it will make better understand openvpn and client export tool, because maybe I'm doing something wrong.

      Thanks in advance.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.