LDAP+Certificate for OpenVPN on pfSense 2.1.2
-
I have successfully done the following:
- Set up a LocalCA on the pfSense box
- Set up an LDAP Authentication Server
- Tested and it is working
- Installed the OpenVPN Client Export Package
Now I want to know the best way to set up Certificate + User-Auth against LDAP to authenticate users. So I did the following:
- Create a Certificate using the LocalCA with the same common name as the LDAP user ID = jsmith
- Run through the Wizard and it completes, and I can download and install the Windows client and it logs in; however, it is not utilizing the client certificate.
For the client export it shows: Authentication Only (No Cert) for user and "none" for Certificate name. I am sure it is something simple I am missing, but how do I create certificates for users and get them to show in the client install packages section?
Any help / pointers appreciated.
Thank you,
Brian -
You have to assign your CA to your OVPN server, and the user has to get a certificate from the same CA.
For this, go to System > User Manager > server tab and add your LDAP server there. After it is configured correctly, you should see the user at the users tab; edit the user and add a certificate.
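
A way to check the two conditions discussed above from a shell: that a user certificate chains to the CA assigned to the OpenVPN server, and that its common name equals the LDAP user ID. This is an added example, not part of the original thread; the function names and the `vpn-ca` / `other-ca` names are hypothetical, and the CAs and certificates are constructed throwaway test data generated with the `openssl` CLI.

```shell
#!/bin/sh
# Added example: validate a client certificate against the VPN CA and LDAP user ID.

# check_client_cert CA_FILE CERT_FILE USERNAME
# Prints "ok", "wrong-ca" (not issued by that CA) or "cn-mismatch".
check_client_cert() {
    ca=$1 cert=$2 user=$3
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo wrong-ca; return 1; }
    # Pull the subject commonName out of the certificate.
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p')
    [ "$cn" = "$user" ] || { echo cn-mismatch; return 1; }
    echo ok
}

# make_ca DIR NAME: constructed self-signed CA (stand-in for the LocalCA).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_cert DIR CA_NAME CN OUT: constructed user certificate signed by CA_NAME.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$4.key" -out "$1/$4.csr" 2>/dev/null
    openssl x509 -req -in "$1/$4.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$4.crt" 2>/dev/null
}

run_demo() {
    d=$(mktemp -d)
    make_ca "$d" vpn-ca
    make_ca "$d" other-ca
    issue_cert "$d" vpn-ca jsmith good        # same CA as the server
    issue_cert "$d" other-ca jsmith foreign   # same CN, different CA
    check_client_cert "$d/vpn-ca.crt" "$d/good.crt" jsmith || true
    check_client_cert "$d/vpn-ca.crt" "$d/foreign.crt" jsmith || true
    check_client_cert "$d/vpn-ca.crt" "$d/good.crt" jdoe || true
    rm -rf "$d"
}
run_demo
```

To use it on a real setup, pass the CA certificate assigned to the OpenVPN server and the user's certificate, both in PEM form, to `check_client_cert` together with the LDAP user ID.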