Netgate Discussion Forum

    Issue with two CAs

      de0xyrib0se

      I have two CAs for client certificates from two locations.

      Both locations utilize 'pivpn', which generates the CA certificate automatically during the install.

      Up until 2.5 life was good; however, now I'm having issues where the pfSense OpenVPN client complains of a self-signed certificate. Dug through the forums and it seems this error is actually thrown when the wrong CA is used to validate the server key.

      Long story short, when creating the CAs in pfSense they appear as if one issued the other and vice versa. Whichever CA I import last appears to have issued the one I imported previously. The latest one shows as 'self-signed', as expected.

      With all of the above in mind, pfSense is somehow confusing who issued the CA certificates.

      Has anyone run into this before? If so, how can I fix it?

        de0xyrib0se @de0xyrib0se

        Modified the pivpn install script and set the CN for one location to be different.

        It seems pfSense computes identical hashes otherwise and gets confused about which is which.

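The situation in this thread, reproduced with throwaway certificates as an added example (not part of the original posts, and not pfSense or pivpn code): two unrelated self-signed CAs that share a subject DN get the same OpenSSL subject hash, so only the fingerprint tells them apart, and a certificate issued by one does not validate under the other. The CN values and file names are constructed, and the script assumes the `openssl` CLI is installed.

```shell
#!/usr/bin/env bash
# Added example with constructed data: unrelated CAs that share a subject DN.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME CN -> throwaway self-signed CA in $WORK (constructed test data)
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue_cert CA_NAME CERT_NAME -> leaf certificate signed by that CA
issue_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" \
    -set_serial 1 -days 2 -out "$WORK/$2.crt" 2>/dev/null
}

subject_hash() { openssl x509 -in "$WORK/$1.crt" -noout -subject_hash; }
fingerprint()  { openssl x509 -in "$WORK/$1.crt" -noout -fingerprint -sha256; }

# name_collision A B -> success when A and B are different certificates
# that carry the same subject DN (a name-only lookup cannot tell them apart)
name_collision() {
  [ "$(subject_hash "$1")" = "$(subject_hash "$2")" ] &&
    [ "$(fingerprint "$1")" != "$(fingerprint "$2")" ]
}

# verifies_under CA CERT -> success when CERT validates against CA alone
verifies_under() {
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1
}

make_ca siteA "ExampleVPN-CA"        # both sites kept the same CN
make_ca siteB "ExampleVPN-CA"
make_ca siteC "ExampleVPN-CA-siteC"  # distinct CN, as in the fix above
issue_cert siteA serverA

for other in siteB siteC; do
  if name_collision siteA "$other"; then
    echo "siteA/$other: same subject DN, different key"
  else
    echo "siteA/$other: distinct subject DN"
  fi
done
verifies_under siteA serverA && echo "serverA verifies under siteA"
verifies_under siteB serverA || echo "serverA fails under siteB"
```

Running the same `-subject_hash` and `-fingerprint` comparison on real CA files before importing them shows whether two CAs will collide by name.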
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.