Netgate Discussion Forum

Certificate manager and generating public keys

    Derelict LAYER 8 Netgate
    last edited by Dec 28, 2017, 8:47 PM

    Yeah, and there's an export private key so not sure why you dorked with extracting the key from the pkcs12 bundle but glad it's working. :)

    Chattanooga, Tennessee, USA
    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
    Do Not Chat For Help! NO_WAN_EGRESS(TM)

      stats2909
      last edited by Dec 28, 2017, 8:50 PM

      I was halfway through that when I noticed that accessing the GUI via the IP gave a green URL bar.

      As I couldn't really tell if I'd signed things properly - the switch was hardly forthcoming with info - I checked the certificate the browser was seeing.

      It turned out to be the one I'd created at the outset of the process… so felt I'd give that one final go starting fresh before going down the signing route.

      (which I think would have been easiest all along lol)

      Thanks again :)

        stats2909
        last edited by Dec 28, 2017, 8:55 PM Dec 28, 2017, 8:51 PM

        @Derelict:

        Yeah, and there's an export private key so not sure why you dorked with extracting the key from the pkcs12 bundle but glad it's working. :)

        Pass…. Something about seeing the wood for the trees comes to mind, that and not really knowing what I'm doing!  ::)

          4o4rh
          last edited by Sep 12, 2020, 10:31 AM

          Sorry guys, can someone summarize the idiot-proof version of these instructions, please?

          • I have created Root CA and Sub-Root CA
          • I have created Server Certificates with the Sub-Root CA
          • I have successfully set these up with openwrt & freenas devices
          • I am struggling to get them working on my two netgear switches.
            4o4rh @4o4rh
            last edited by Mar 7, 2021, 10:30 PM

            @gwaitsi as I had to do this again, and completely forgot how I did this last time, here are the instructions for 2021.

            1. Save the device cert & key generated in pfsense locally

            2. rename the device.crt to root.pem

            3. convert the private key to rsa private key
              openssl rsa -in device.key -out device_rsa.key

            4. create a file called ssl_key.pem
              a) copy the contents of device.crt into this file from
              -----BEGIN CERTIFICATE-----
              MIIE2jCCA8KgAwIBAgIBHjAN.......
              i1M5xmyTK0cyhwQ==
              -----END CERTIFICATE-----
              b) copy the contents of device_rsa.key into this file below the certificate from
              -----BEGIN RSA PRIVATE KEY-----
              MIIE.....
              ZBjv7j74PS4P7I=
              -----END RSA PRIVATE KEY-----

            5. From the netgear switch "Maintenance", "Update", "HTTP Firmware/File Update" select

              • "X.509 Public Certificate PEM" and load the root.pem
              • "X.509 Certificate Private Key PEM" and load the ssl_key.pem
            6. From the netgear switch "Security", "Access", "HTTPS", "Admin Mode" - Enable.

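Steps 2 to 4 of the post above as a script, with two checks added before anything is uploaded to the switch: that the converted key really carries the `BEGIN RSA PRIVATE KEY` header, and that the certificate and key share the same public key. This is an added example, not part of the original post; the file names are the post's, the function names are hypothetical, and it assumes the OpenSSL command-line tool and an unencrypted exported key.

```shell
#!/bin/sh
# Added example (not from the original post). File names device.crt, device.key,
# device_rsa.key, root.pem and ssl_key.pem follow the post; function names are
# hypothetical. Assumes the exported private key is not passphrase-protected.

# Step 3: write the key as PKCS#1 ("BEGIN RSA PRIVATE KEY"). OpenSSL 3.x needs
# -traditional for that; older builds reject the flag, so fall back to the
# plain command from the post. Succeeds only if the header is the expected one.
to_rsa_key() {  # to_rsa_key <in.key> <out.key>
    openssl rsa -in "$1" -out "$2" -traditional 2>/dev/null ||
        openssl rsa -in "$1" -out "$2" 2>/dev/null || return 1
    head -n 1 "$2" | grep -q '^-----BEGIN RSA PRIVATE KEY-----'
}

# Compare the public key inside the certificate with the one derived from the
# private key. Empty output (unreadable file) never counts as a match.
keys_match() {  # keys_match <cert.pem> <key.pem>
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Steps 2-4: produce root.pem and ssl_key.pem in <outdir>.
# The body runs in a subshell so the umask change does not leak to the caller.
build_switch_files() (  # build_switch_files <device.crt> <device.key> <outdir>
    umask 077   # files written below hold private key material: owner-only
    to_rsa_key "$2" "$3/device_rsa.key" ||
        { echo "key could not be written as RSA PRIVATE KEY" >&2; exit 1; }
    keys_match "$1" "$3/device_rsa.key" ||
        { echo "certificate and key do not belong together" >&2; exit 1; }
    cp "$1" "$3/root.pem" || exit 1                      # step 2
    # Step 4: certificate block first, RSA private key block below it.
    { openssl x509 -in "$1" && cat "$3/device_rsa.key"; } > "$3/ssl_key.pem"
)

# Usage, in the directory holding the pfSense exports:
#   build_switch_files device.crt device.key .
```

Once the switch has accepted both files, delete the local `device.key`, `device_rsa.key` and `ssl_key.pem` copies or move them to protected storage.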