Netgate Discussion Forum

    Can't Export OpenVPN Client

      vorlov

      Hello,
      I have my Comodo SSL certificate and added the CA and CRT in the cert manager. Then I used it in the OpenVPN configuration.
      When I try to export the client I get an error, as in the 11th screenshot. Is there any solution to this problem?

      [Attached screenshots: 1.JPG through 11.JPG]

        doktornotor Banned

        You apparently are missing a bunch of intermediate certificates, plus… you should search this forum before trying to deploy certificates issued by a public CA on a VPN.

          johnpoz LAYER 8 Global Moderator

          My guess would be the actual cert is referencing it differently.. You put in bogus info for that CA and called it what you wanted to call it.. That is not actually what the cert references, would be my guess.

          What exactly does this buy you, may I ask? I see no point in using anything other than self signed for this sort of thing.. If anything you're actually lowering your overall security. Because since your vpn server is using a cert that is signed by public. In theory someone else could get a cert signed by this CA and use that to have your client think they are talking to your vpn.. Yeah, it's a bit tinfoil hatty and all.. But other than spending money or time you didn't really have to spend to get some other CA to create your cert and sign it.. I really don't see the point to this.. You're having to give your clients the info and certs to connect to your vpn. So why not just give them your self signed CA at the same time?

            vorlov

            @johnpoz:

            My guess would be the actual cert is referencing it differently.. You put in bogus info for that CA and called it what you wanted to call it.. That is not actually what the cert references, would be my guess.

            What exactly does this buy you, may I ask? I see no point in using anything other than self signed for this sort of thing.. If anything you're actually lowering your overall security. Because since your vpn server is using a cert that is signed by public. In theory someone else could get a cert signed by this CA and use that to have your client think they are talking to your vpn.. Yeah, it's a bit tinfoil hatty and all.. But other than spending money or time you didn't really have to spend to get some other CA to create your cert and sign it.. I really don't see the point to this.. You're having to give your clients the info and certs to connect to your vpn. So why not just give them your self signed CA at the same time?

            I'm experiencing problems with connecting from macOS. I suppose that the Mac blocks the cert signed by pfSense, because the Mac considers it untrusted. And now I'm trying to test it with a Comodo cert, which is previously trusted.

              jimp Rebel Alliance Developer Netgate

              Publicly signed certs have no business being on OpenVPN and no client would have problems because of that. You're making things much more difficult for no benefit.

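An added example, not written by any poster in this thread: OpenVPN client configuration fragments illustrating johnpoz's point about which server certificates a client will accept when its `ca` is a public CA versus a private one. The hostname and file names are placeholders; `remote-cert-tls` and `verify-x509-name` are standard OpenVPN client directives.

```conf
# Constructed example. vpn.example.com and all file names are placeholders.

# --- (a) Client trusting a public CA, no peer checks -------------------
# The client accepts ANY server certificate that chains to this bundle,
# i.e. any certificate the public CA has issued to anyone.
client
remote vpn.example.com 1194
ca public-ca-bundle.crt        # public root plus every intermediate
cert client.crt
key client.key

# --- (b) Same public CA, with peer checks ------------------------------
# remote-cert-tls alone adds little here, because certificates a public CA
# issues for TLS servers already carry the server EKU. verify-x509-name is
# the check that ties the peer to one specific name.
client
remote vpn.example.com 1194
ca public-ca-bundle.crt
cert client.crt
key client.key
remote-cert-tls server
verify-x509-name vpn.example.com name

# --- (c) Private CA created for this VPN only --------------------------
# Only certificates signed by this CA validate, and the operator controls
# every certificate it signs. The peer checks are still worth keeping so a
# client certificate from the same CA cannot be presented as the server.
client
remote vpn.example.com 1194
ca vpn-private-ca.crt
cert client.crt
key client.key
remote-cert-tls server
verify-x509-name vpn.example.com name
```

In case (c) the CA file is shipped inside the client export itself, so the client operating system's trust store is not involved in validating the server.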