Netgate Discussion Forum

OpenVPN JumpCloud Server Certificate not showing up

    se_marc, Feb 25, 2021, 9:45 PM (last edited by se_marc Feb 25, 2021, 9:47 PM)

    Anyone able to assist on this? I haven't had to mess with certs much and I am probably doing something wrong. I'm having some trouble getting a JumpCloud server cert to show up under the OpenVPN server settings field "Server certificate".

    I am running pfSense 2.5.0.

    I am following instructions here: https://support.jumpcloud.com/support/s/article/jumpcloud-ldaps-ssl-certificate1#Command

    The KB article above indicates that the following command outputs only the JumpCloud LDAP Server certificate:

    echo -n | openssl s_client -connect ldap.jumpcloud.com:636 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/jumpcloud.ldap.pem

    I run that command from my Ubuntu VM, and then go to System > Cert Manager > Certificates > Add/Sign:

    Import an existing certificate

    Paste in the certificate data that was generated from the command above

    Save

    I see the cert added as a Server cert.

    [screenshot]

    Now I go to add an OpenVPN server and it's not listed under Server certificate.

    [screenshot]

    Much appreciated.

      se_marc, Mar 15, 2021, 9:17 PM

      So after a bit of playing around I ended up figuring out how to get it working. I'm not the best with certs, but here is a video for how to configure:

      YouTube video

      Steps:

      1. Before anything, follow the instructions on JumpCloud for setting up LDAP and binding a user to LDAP: https://support.jumpcloud.com/support/s/article/using-jumpclouds-ldap-as-a-service1

      2. The following command outputs the certificate authority to the /tmp/ directory as jumpcloud.chain.pem:

      echo -n | openssl s_client -connect ldap.jumpcloud.com:636 -showcerts | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/jumpcloud.chain.pem

      3. Skip the first certificate of the chain.

      4. Add the next 3 certificates in the chain individually as Certificate Authorities in pfSense using the following settings:

      • System > Cert. Manager > CAs tab > Add

      • Descriptive name: JumpCloud CA (add a 1, 2, and 3 after each certificate)

      • Method: Import an Existing Certificate Authority

      • Trust Store: check this box

      • Randomize Serial: check this box

      • Certificate Data: paste the single certificate here

      • Save

      5. The following command outputs only the JumpCloud LDAP Server certificate to the /tmp/ directory as jumpcloud.ldap.pem:

      echo -n | openssl s_client -connect ldap.jumpcloud.com:636 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/jumpcloud.ldap.pem

      6. Add the Server Certificate to pfSense.
      • System > Cert. Manager > Certificates tab > Add/Sign

      • Method: Import an Existing Certificate

      • Descriptive name: JumpCloud Server Certificate

      • Certificate data: paste the certificate here

      • Save
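      As an added example (my own script, not the poster's code and not from JumpCloud's KB), the following automates the "skip the first certificate, import the rest as CAs" part of the steps above. It splits the bundle that `openssl s_client -showcerts` prints into one PEM file per certificate, keeps the leaf (the LDAP server's own certificate, which must never be added to the trust store) apart from the issuer certificates that pfSense validates against as Peer Certificate Authority, and checks with `openssl verify` that those issuers really do sign the leaf before you trust them. The function names, the /tmp/jumpcloud paths and the sample bundle are assumptions; the sample is constructed with placeholder bodies so the splitter can be exercised offline.

```shell
#!/bin/sh
# Added example, not code from the forum post or JumpCloud: split the PEM
# bundle that `openssl s_client -showcerts` prints into one file per
# certificate, so the leaf (first block) stays separate from the issuer
# certificates that are imported individually as CAs in pfSense.
# Assumes POSIX sh and awk; openssl is only needed by verify_leaf.

# split_chain BUNDLE OUTDIR: writes OUTDIR/cert-1.pem, cert-2.pem, ... in the
# order the server sent them and prints how many certificates were found.
# Anything outside BEGIN/END markers (CONNECTED, DONE, handshake notes) is dropped.
split_chain() {
    bundle="$1"; outdir="$2"
    mkdir -p "$outdir"
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = dir "/cert-" n ".pem" }
        f != ""                       { print > f }
        /-----END CERTIFICATE-----/   { close(f); f = "" }
        END                           { print n + 0 }
    ' "$bundle"
}

# leaf_cert OUTDIR: the first certificate is the server's own identity;
# it is imported as a certificate, never as a CA.
leaf_cert() {
    printf '%s\n' "$1/cert-1.pem"
}

# issuer_certs OUTDIR: the remaining certificates (intermediates and root),
# one path per line; these are the ones to import one by one as CAs.
issuer_certs() {
    i=2
    while [ -f "$1/cert-$i.pem" ]; do
        printf '%s\n' "$1/cert-$i.pem"
        i=$((i + 1))
    done
}

# verify_leaf OUTDIR: exit 0 only if the leaf chains to the issuer set, i.e.
# the CAs you are about to trust actually sign the LDAP server certificate.
verify_leaf() {
    dir="$1"
    issuer_certs "$dir" | xargs cat > "$dir/issuers.pem"
    openssl verify -CAfile "$dir/issuers.pem" "$(leaf_cert "$dir")"
}

# make_sample_bundle FILE: constructed stand-in for s_client output so the
# splitter can run offline. The bodies are placeholders, not real
# certificates, so verify_leaf would (correctly) reject them.
make_sample_bundle() {
    {
        echo 'CONNECTED(00000003)'
        for i in 1 2 3 4; do
            echo '-----BEGIN CERTIFICATE-----'
            echo "PLACEHOLDERCERT${i}=="
            echo '-----END CERTIFICATE-----'
        done
        echo 'DONE'
    } > "$1"
}

# Live use against JumpCloud (assumed paths, not run here):
#   echo -n | openssl s_client -connect ldap.jumpcloud.com:636 -showcerts 2>/dev/null > /tmp/jumpcloud.bundle.txt
#   split_chain /tmp/jumpcloud.bundle.txt /tmp/jumpcloud && verify_leaf /tmp/jumpcloud
```

      After a successful verify_leaf, cert-1.pem is the file that goes into the Certificates tab and cert-2.pem onward are the files to paste one at a time into the CAs tab; if verify fails, the issuers you fetched do not belong to that server and should not be trusted.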

      If you don't have a JumpCloud account set up and bound to LDAP, you'll need to do that first.

      You can use your account or create a new user. There only needs to be one bound account but there can be multiple.

      In JumpCloud:

      • Users > Select the user you'd like bound to LDAP > User Security Settings and Permissions > check the Enable as LDAP Bind DN box and Save user

      • LDAP > Add a new LDAP server > Add the user groups or users

      • Create the LDAP Server in pfSense

      NOTE: you can get YOUR_ORG_ID from JumpCloud's Settings page

      1. System > User Manager > Authentication Servers tab > Add
      • LDAP Server Settings:

      • Type: LDAP

      • Hostname or IP Address: ldap.jumpcloud.com

      • Port Value: 636 (SSL)

      • Transport: SSL - Encrypted

      • Peer Certificate Authority: JumpCloud LDAPS SSL Client Certificate

      • Protocol Version: 3

      • Search Scope - Level: Entire Subtree

      • Search Scope - Base DN: ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com

      • Authentication Containers: ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com

      • Extended Query: &(objectClass=inetOrgPerson)(uid=*)

      • Bind Credentials - User DN: uid=ldap-binding-user,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com

      • Bind Credentials - Password: ldap-binding-user's-password

      • User Naming Attribute: uid

      • Group Naming Attribute: cn

      • Group Member Attribute: memberOf

      • Group Object Class: groupOfNames

      • Save

      2. Test the authentication in pfSense

      • Diagnostics > Authentication > LDAP

      • Put in your user name and password and click Test

      • You should see a green box indicating success

      Setting up OpenVPN:

      1. Type of Server: LDAP

      2. LDAP servers: Choose the JumpCloud LDAP server you created in the previous steps

      3. Certificate Authority: choose the OpenVPN authority you created earlier

      4. Certificate: Choose the OpenVPN certificate you created earlier

      5. Change any other settings to your liking and you're all set.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.