Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Password in client export

    Scheduled Pinned Locked Moved OpenVPN
    7 Posts 3 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • GilG
      Gil Rebel Alliance
      last edited by

      Can anyone define the "Pasword Protect Certificate" option please.
      'Use a password to protect the pkcs12 file contents or key in Viscosity bundle"

      Can this be used for Inline Configs ? (Android / iOS) - I assume not
      But is there a similar way to protect those certs?
      I store them in an encrypted drive, but they are harder o control in distribution.

      11 cheers for binary

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        That is for the archive or bundled formats (Windows installer, Viscosity bundle, zip archive)

        There isn't a way to password protect inline configurations in the exported format. For that you'd need to have a passphrase on the certificate itself, which isn't supported in the pfSense GUI at all currently.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator
          last edited by

          @jimp said in Password in client export:

          which isn’t supported in the pfSense GUI at all currently.

          is that something this will change in some future update? Not a concern of mine - just curious. Like the removal of the email requirement in the gui should prob happen at some future date.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          jimpJ 1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate @johnpoz
            last edited by

            @johnpoz said in Password in client export:

            @jimp said in Password in client export:

            which isn’t supported in the pfSense GUI at all currently.

            is that something this will change in some future update? Not a concern of mine - just curious. Like the removal of the email requirement in the gui should prob happen at some future date.

            It would break quite a lot or effectively nullify the security since it either (a) would have to store the password for the cert, which seems like a bad idea, or (b) it wouldn't be able to use the certificate internally for certain purposes in those cases so we'd need more code to filter/exclude them from being listed in various places throughout the GUI.

            It's not impossible, just impractical and thus far we haven't had a compelling reason to jump through all the hoops to do it.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator
              last edited by johnpoz

              no not for the gui being used for web ui.. But for creating say a user cert on export of the key, etc.

              It wouldn't need to be stored anywhere.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              jimpJ 1 Reply Last reply Reply Quote 0
              • jimpJ
                jimp Rebel Alliance Developer Netgate @johnpoz
                last edited by

                @johnpoz said in Password in client export:

                no not for the gui being used for web ui.. But for creating say a user cert on export of the key, etc.

                Ah, that is more likely, but would require some extra smarts in the exporting code to collect/validate/apply the password. Doable but as above, thus far hasn't been something we've put any energy into.

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator
                  last edited by

                  Yeah not a big issue, when you need to install into something that wants to see a password you can just add it via openssl.. Was just curious - thanks. When your wanting your ios phone to connect to a eap-tls wifi network it wants a password. It will not take blank, and space doesn't work, etc.

                  Not a big deal if doing a handful.

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.