Client Export - Could not locate the CA reference for the server certificate.
-
Hello.
The clients to export
2.4.5-RELEASE-p1 (amd64)
built on Tue Jun 02 17:51:17 EDT 2020
FreeBSD 11.3-STABLE

At VPN -> OpenVPN -> Client Export there was a list of clients for which I could export the config file.
Today when I went there to export a client, the list of those clients was no longer there.
In this window I can read "Only OpenVPN-compatible user certificates are shown".
I did not change certificates.
Then I removed the certificate from the user and recreated it as "User Certificate".
The user appeared in the list again, but when I try to export it the message "Could not locate the CA reference for the server certificate" appears and it doesn't export anything.
If I create the certificate as Server Certificate the user doesn't appear in the list to export.
What should I look for?
-
Sounds like your certificates were not properly configured before.
Your server certificate and user certificates should be made with the same CA.
The server certificate should be created as a server certificate only.
The user certificates should be created as user certificates only.
If you chose the server certificate option when making user certificates in the past, that wasn't correct. Newer versions of OpenVPN have begun rejecting those certificates, so the export package now filters them out.
-
Thank you for your answer @jimp
Do I need one client and one server certificate for each user?
-
No.
You only need one server certificate, for the server itself. If you have multiple servers, you can use one server certificate per server, though multiple servers could all use the same server certificate.
Each user only needs its user certificate, made with the same CA that made the server certificate.
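
The rule from the replies above (one CA for both sides, server type for the server, user type for users) can be checked with the openssl CLI. This is an added example, not part of any forum post or of pfSense: the file names and the `check_pair`, `make_ca` and `make_leaf` helpers are hypothetical, every certificate is constructed, and it assumes the server/user type corresponds to the serverAuth/clientAuth extended key usage that `openssl verify -purpose` evaluates.

```shell
# Added example. Every key and certificate here is constructed test data.
# Assumption: "server"/"user" certificate type corresponds to the
# serverAuth/clientAuth extended key usage checked by `openssl verify -purpose`.

# check_pair CA SERVER USER: returns 0 only if both certificates chain to CA,
# SERVER is usable as a TLS server and USER as a TLS client.
check_pair() {
    openssl verify -CAfile "$1" -purpose sslserver "$2" >/dev/null 2>&1 ||
        { echo "server certificate: different CA or not a server certificate"; return 1; }
    openssl verify -CAfile "$1" -purpose sslclient "$3" >/dev/null 2>&1 ||
        { echo "user certificate: different CA or not a user certificate"; return 2; }
    echo "ok: same CA, correct certificate types"
}

# make_ca NAME: self-signed constructed CA (NAME.pem / NAME.key).
make_ca() {
    openssl req -x509 -config req.cnf -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# make_leaf CA NAME EKU: certificate NAME.pem signed by CA, carrying one EKU.
make_leaf() {
    echo "extendedKeyUsage=$3" > "$2.ext"
    openssl req -new -config req.cnf -newkey rsa:2048 -nodes \
        -subj "/CN=$2" -keyout "$2.key" -out "$2.csr" 2>/dev/null
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -days 1 -extfile "$2.ext" -out "$2.pem" 2>/dev/null
}

cd "$(mktemp -d)" || exit 1
cat > req.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = constructed
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
make_ca vpn-ca; make_ca other-ca
make_leaf vpn-ca server serverAuth
make_leaf vpn-ca alice clientAuth        # correct user certificate
make_leaf vpn-ca bob serverAuth          # user cert wrongly made as server type
make_leaf other-ca carol clientAuth      # user cert issued by a different CA
check_pair vpn-ca.pem server.pem alice.pem   || true
check_pair vpn-ca.pem server.pem bob.pem     || true
check_pair vpn-ca.pem server.pem carol.pem   || true
check_pair other-ca.pem server.pem carol.pem || true  # server cert is not from this CA
```

For real certificates only `check_pair` is needed: pass it the CA, server and user certificate files in PEM format.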
-
-
What about the server certificate?
The error is complaining about that, not the user certificate.
-
@hugoeyng Hello Friend,
I was facing the same issue when I set up pfSense OpenVPN. I tried the steps below and I got a positive result. Hope it will be helpful.
-
If you already tried to set it up and are facing the same issue, then delete all current configurations related to OpenVPN.
-
Now start to set up from scratch using the setup wizard.
- In the second step of the setup wizard, it will give you the prompt to generate a CA certificate.
Now complete the remaining setup as per your requirement.
Hope that issue will be resolved by step 2.
-
-
Now the OpenVPN setup is complete. Make some changes in the settings: click on the edit button, go to the "Tunnel Settings" section and click on the checkbox as shown in the image.
Now create a user to log in to OpenVPN: System > User Manager > +Add.
Now go to the OpenVPN Client Export and export the user file. Then install the setup file on the system and log in with username and password.
Have a great day!!