Automation of users and certificates creation

ferchu · Mar 1, 2023, 3:46 PM

Hi,

I regularly have to create new users in my pfsense installation. Normally, the process involves:

setting the username
stetting the full name
selecting the CA
overriding the default key size
overriding the default expiration date
exporting the asociated OpenVPN (.ovpn) profile

Is there any way to automate this, at least all the user creation bits (i.e., excluding the ovpn profile export).

Note: it's totally fine if automating things involves me SSH'ing to PFsense as opposed to using the GUI.

Thanks!

F

stephenw10 · Mar 1, 2023, 5:16 PM

There is no built in automation for that. You could probably do something with php shell scripts. Some coding would be required though.

https://docs.netgate.com/pfsense/en/latest/development/php-shell.html

Steve

ferchu · Mar 1, 2023, 5:46 PM

@stephenw10 Hello, Steve! Thanks so much for your prompt response!

Quick question: is it a valid expectation that for everything that can be done in the GUI it's also possible to do it with the PHP shell?

I ask because I've just checked the reference you've provided, but it seems it's not possible to e.g. create users or user certificates via PHP shell.

Is that correct?

Thanks!

stephenw10 · Mar 1, 2023, 6:20 PM

No, pfSense is intended to be used through the webgui. There will be functions that only work that way. But you could likely create a php shell script that created users with certs. It would need to be coded directly though.
If you have a very large number of users you probably want to be using some external authentication server anyway.