Pfsense Certificate error with x509_strict
-
Hello
I have created a CA-My domain in Pfsense
I have created a server certificate. When I check the CA and certificate with openssl like this
openssl verify -verbose -CAfile /etc/ssl/certs/CA-MyDomain.local.crt /etc/ssl/certs/MyServer.crt
I get a good result
/etc/ssl/certs/MyServer.crt: OK
But if I add the option "-x509_strict" it does not work
openssl verify -verbose -x509_strict -CAfile /etc/ssl/certs/CA-MyDomain.local.crt /etc/ssl/certs/MyServer.crt
I get an error
CN = internal-ca, C = FR, ST = Country, L = City, O = "MyOrg ", OU = Home
error 89 at 1 depth lookup: Basic Constraints of CA cert not marked critical
error /etc/ssl/certs/MyServer.crt: verification failed
Any idea of the problem?
-
@ewok2 said in Pfsense Certificate error with x509_strict:
Any idea of the problem?
Yeah, "Basic Constraints of CA cert not marked critical". But I am not aware of setting such stuff in the GUI. If you need the cert and/or CA to meet specific stuff like that, probably best to create with openssl directly.
https://www.openssl.org/docs/man3.0/man1/openssl-verification-options.html
This goes over what is checked with that x509 strict..
If you need your CA to have stuff that gui does not allow for, you can always create the CA in openssl, and then import into pfsense Cert Manager for ease of signing certs..
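The suggestion above (create the CA with openssl directly so it meets the `-x509_strict` checks), as an added example that is not part of the thread: it builds a throwaway CA and server certificate twice, once with a non-critical `basicConstraints` on the CA and once with it marked critical, and runs `openssl verify -x509_strict` on each. The subject names, the SAN and the extension sets are constructed for illustration and follow the checks listed in the linked OpenSSL 3.0 page; OpenSSL 3.x is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). All names below are constructed.
# build_and_verify BASIC_CONSTRAINTS
#   Prints the output of "openssl verify -x509_strict" and returns its status.
build_and_verify() {
  bc=$1
  d=$(mktemp -d) || return 2
  cat > "$d/ext.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
[ca_ext]
basicConstraints = $bc
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[srv_ext]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
subjectAltName = DNS:myserver.example.test
EOF
  # Self-signed CA; its extensions come from [ca_ext], not the system default.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/ext.cnf" \
    -extensions ca_ext -subj "/CN=example-internal-ca" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 2
  # Server key and CSR, then sign with the CA using [srv_ext].
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ext.cnf" \
    -subj "/CN=myserver.example.test" \
    -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 2
  openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -extfile "$d/ext.cnf" -extensions srv_ext \
    -out "$d/srv.crt" 2>/dev/null || return 2
  rc=0
  openssl verify -x509_strict -CAfile "$d/ca.crt" "$d/srv.crt" 2>&1 || rc=$?
  rm -rf "$d"
  return $rc
}

echo "== CA with basicConstraints = CA:TRUE (not critical)"
build_and_verify "CA:TRUE" || echo "(rejected under -x509_strict)"
echo "== CA with basicConstraints = critical, CA:TRUE"
build_and_verify "critical, CA:TRUE" || echo "(rejected under -x509_strict)"
```

To see what an existing CA certificate carries, `openssl x509 -in CA.crt -noout -text` lists each extension under "X509v3 extensions" and shows `critical` next to the ones that are marked.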
-
Thanks for help
In fact I have an error when trying to connect LAM (LDAP Account Manager) with ldaps://
I thought it was due to this CA x509_strict error, but it was not the problem. I can from another VM connect in ldaps:// to my ldap...
The strange thing is when creating CA + cert with openssl then testing the CA and cert with x509_strict I get the same answer...
=> so it is not a pfsense issue ;-)