Certificate Manager -> CA

  • Hi

    When I've installed both a CA and then installed a certificate from the same CA, the CA is correctly marked as external. However, when I add a certificate of the same CA, the count stays 0. I don't know if that's normal / intended?

    If I add the certificate with --public key-- root CA / --public key-- cert / --private key, the certificate works fine for the admin console.
    However, when I look at the Distinguished Name, it doesn't correspond with the root CA also inserted.
    When I insert a certificate --public key-- cert / --private key, I can't make the certificate work for the admin console; the box becomes unresponsive. However, the Distinguished Name does correspond with the root certificate.

    What would be normal behaviour for this?

    When I do use internal certificates that's not an issue...

  • CA certificates that are generated by pfSense can be internally managed. Everything else is externally managed. If a CA and a certificate signed by that CA are both created inside pfSense, a correlation would be shown in the Certificate Manager. If an administrator imports both a CA and a Certificate signed by that CA, there will be no correlation shown.

    Do you mean that you can't use an imported certificate when the webconfigurator is switched to https mode?

  • The imported certificate works as long as I include it the following way:

    Root CA
    -----END CERTIFICATE-----
    Pf Sense Certificate
    -----END CERTIFICATE-----

    Pf Sense  Certificate
    -----END RSA PRIVATE KEY-----

    If I don't add the public key Root CA, the webconfigurator https mode is not working.

    However for the moment this works the same way as the way it did in 1.2

    If there is no correlation between an external root CA and an external certificate, is there any point in being able to import an external root CA then? Or am I missing something?

  • Yeah. The CA can be used to verify certificates presented by a remote host for different services. A few examples of this would be OpenVPN and IPsec (although the latter has yet to be converted).

    As for your issue, I don't have any idea why pasting the CA along with the Cert should have any effect on the web server working correctly. You shouldn't even be able to do that. Are you sure the private key you are pasting in is the private key for the certificate and not the private key for the CA?

  • Yeah, I'm sure it's the private key certificate from the certificate and not from the root CA. The root CA is a Microsoft Certification server and I don't have that private key.

    Well hope you guys solve this issue, keep up the good work.
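
The checks raised in the thread (does the private key belong to the certificate rather than to the CA, does the certificate chain to the imported CA, and how many certificates a pasted PEM field holds), as an added example that is not part of the original posts or of pfSense. It uses the `openssl` command line; the demo CA, host name and file names are constructed.

```shell
#!/bin/sh
# Added example: sanity checks for PEM material before importing it.
# The CA, subject names and file names below are constructed for the demo.

# True when private key file $2 belongs to the certificate in file $1.
# Note: openssl reads only the FIRST certificate of a multi-certificate file.
key_matches_cert() {
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null)
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# True when certificate $2 chains to the CA certificate $1.
issued_by() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Number of certificates in a PEM file.
cert_count() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1"; }

# Build a throwaway CA, a certificate signed by it, and a CA-first bundle
# like the one pasted in the thread. Prints the temporary directory.
make_demo() {
  d=$(mktemp -d) || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=fw.example.test" \
    -keyout "$d/fw.key" -out "$d/fw.csr" 2>/dev/null
  openssl x509 -req -in "$d/fw.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/fw.crt" 2>/dev/null
  cat "$d/ca.crt" "$d/fw.crt" > "$d/bundle.pem"
  echo "$d"
}

demo=$(make_demo)
key_matches_cert "$demo/fw.crt" "$demo/fw.key" && echo "fw.key belongs to fw.crt"
key_matches_cert "$demo/fw.crt" "$demo/ca.key" || echo "ca.key does not belong to fw.crt"
issued_by "$demo/ca.crt" "$demo/fw.crt" && echo "fw.crt chains to ca.crt"
echo "bundle.pem holds $(cert_count "$demo/bundle.pem") certificates"
key_matches_cert "$demo/bundle.pem" "$demo/fw.key" \
  || echo "bundle.pem: its first certificate is the CA, not the key's certificate"
rm -rf "$demo"
```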
