Where are the certificates depending on an external CA?
-
Hi all,
in System => Certificates => Authorities I have two external CAs which report respectively 1 and 2 in the "Certificates" column.
However, I do not see any dependent certificate in the System => Certificates => Certificates tab.
Where are those certificates? How can I find them?
Thank you in advance
Cris
-
Hmm, odd. Do you have certs shown for other CAs?
What pfSense version?
Steve
-
Hi @stephenw10 , thank you for your reply.
Yes, the certificates for the other CAs are there.
pfSense CE 2.7.2:
-
Anything pfSense knows about should show there.
You could check the config file directly. In the <ca> section of each of those CAs you will see a reference id:
    <ca>
        <refid>61a91f84b426a</refid>
        <descr><![CDATA[OpenVPN_CA]]></descr>
        ....
        <serial>3</serial>
    </ca>
You can then search the config for anywhere that is used. It should show in any certs using it:
    <cert>
        <refid>6274496db468d</refid>
        <descr><![CDATA[plusdev]]></descr>
        <type>user</type>
        <caref>61a91f84b426a</caref>
        ....
    </cert>
-
@stephenw10 thank you very much!
Where do I find the config file?
I tried to grep for "<refid>" in the /etc directory, but found nothing.
-
You can download it from Diag > Backup/Restore.
-
@stephenw10 I think I got it.
The first external CA shows "1" in the certificates column.
Looking in the config file I see that its refid is only mentioned in another CA under the <caref> tag. The other CA shows "0" in the certificates column.
So I suppose this is actually a certificate chain where the other CA is the root CA and the original CA is the intermediate.
The same happens for the second case: this time the CA has a "2" in the certificates column, and in the config I can only find its refid in the <caref> tag of two other CAs. So I suppose this is a chain of three CAs.
Indeed, the other two CAs have a "0" and a "1" in the certificates column.
Thank you for your hint, I would never have understood this without looking in the config file.
Cris
-
Ah, intermediate certs would do it. Nice!
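
The config search described in this thread, as an added example that is not part of the original posts and is not pfSense code: it lists, for every CA, the `<ca>` and `<cert>` entries whose `<caref>` points at it, and flags any `<caref>` that matches no CA. The sample config, its refids and the helper names are constructed, and it assumes `<ca>` and `<cert>` entries are direct children of the config root.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample in the layout of the <ca>/<cert> snippets quoted in the thread.
# All refids and descriptions below are made up for the example.
SAMPLE_CONFIG = """<pfsense>
  <ca><refid>aaaa000000001</refid><descr><![CDATA[Example CA one]]></descr></ca>
  <ca><refid>aaaa000000002</refid><descr><![CDATA[Example CA two]]></descr>
    <caref>aaaa000000001</caref></ca>
  <ca><refid>aaaa000000003</refid><descr><![CDATA[Example CA three]]></descr>
    <caref>aaaa000000002</caref></ca>
  <cert><refid>bbbb000000001</refid><descr><![CDATA[example user]]></descr>
    <type>user</type><caref>aaaa000000003</caref></cert>
  <cert><refid>bbbb000000002</refid><descr><![CDATA[orphan example]]></descr>
    <type>server</type><caref>cccc000000009</caref></cert>
</pfsense>"""


def text(entry, tag):
    """Return the stripped text of a child element, or '' if it is absent."""
    return (entry.findtext(tag) or "").strip()


def ca_references(config_xml):
    """Group every <ca> and <cert> entry under the CA its <caref> points at."""
    root = ET.fromstring(config_xml)
    # Assumption: <ca> and <cert> entries are direct children of the root element.
    cas = {text(ca, "refid"): {"descr": text(ca, "descr"), "ca": [], "cert": []}
           for ca in root.findall("ca")}
    dangling = []  # entries whose <caref> names no CA present in the config
    for kind in ("ca", "cert"):
        for entry in root.findall(kind):
            caref = text(entry, "caref")
            if not caref:
                continue
            label = text(entry, "descr") or text(entry, "refid")
            if caref in cas:
                cas[caref][kind].append(label)
            else:
                dangling.append((kind, label, caref))
    return cas, dangling


if __name__ == "__main__":
    # Pass the path of a downloaded config backup, or run without arguments for the sample.
    xml_text = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    cas, dangling = ca_references(xml_text)
    for refid, info in cas.items():
        print(f"{info['descr']} ({refid}): referenced by CAs {info['ca']}, certs {info['cert']}")
    for kind, label, caref in dangling:
        print(f"{kind} '{label}' points at unknown CA refid {caref}")
```

The downloaded backup also holds the private keys of the stored certificates, so run this on a trusted machine and remove the copy afterwards.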