Netgate Discussion Forum

    Is manual OpenVPN PKI no longer possible on v2.0?

    • torontob

      Hi everyone,

      I see I am forced to use the built-in Certificate Manager when trying OpenVPN. On v1.2.3, I could simply copy and paste my dh1024 parameter and server certificate and keys directly for PKI when creating an OpenVPN server. But version 2.0 doesn't even have PKI in the list of options.

      Why is it removed? The wizard process is very complicated as it stands.

      If it's still possible to copy and paste my own configs, please guide me to it as I can't find it.

      Regards

      • Briantist

        I am wondering this too…

        • jimp Rebel Alliance Developer Netgate

          Just import your certificates into the cert manager and choose them when making the OpenVPN server or client.

          You do not need to add/import DH parameters. See http://doc.pfsense.org/index.php/Importing_OpenVPN_DH_Parameters

          PKI is still there, it's just labeled differently. SSL/TLS == PKI. Just don't check the box for TLS, and it's the same mode that was there before.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          • torontob

            Thanks for the reply, but my friend, I am totally lost. I don't know why someone changes the names, as it has thrown me off big time, and I am sure others as well…

            So, in the old version here is what I have to input to get a server running:

            CA certificate
            Server certificate
            Server key
            DH parameters

            Where exactly are these in the new 2.0 version? They are not labeled properly in Certificate manager so can you match each one by one and let me know please?

            Also, for the client in the old version I needed the following, which I can't relate to anything in the new 2.0 version. Can you tell me where they should go in the new 2.0?
            CA certificate
            Client certificate
            Client key

            In 2.0 I see:
            Peer Certificate Authority and Client Certificate and TLS Authentication - all of which are new to me.

            Thanks

            • jimp Rebel Alliance Developer Netgate

              CA/Certs are all handled under System > Certificate Manager.
              Import your CA and Server Cert/Keys there.

              You do not need to import DH parameters.

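Added example, not part of the thread and not pfSense code: before pasting files from an older manual setup into System > Certificate Manager, this script reports which PEM file is the CA certificate, which is the server certificate and which is the key, and checks that they belong together. It assumes the `openssl` CLI, an unencrypted key and a CA certificate marked `CA:TRUE`; the function names, file names and throwaway PKI are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the openssl CLI and an
# unencrypted key; file names and the throwaway PKI are constructed.

# Print "key", "ca", "cert" or "unknown" for one PEM file.
pem_kind() {
    if openssl pkey -in "$1" -noout 2>/dev/null; then echo key
    elif openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'; then echo ca
    elif openssl x509 -in "$1" -noout 2>/dev/null; then echo cert
    else echo unknown
    fi
}

# Succeed only when private key $2 belongs to certificate $1.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeed only when certificate $2 verifies against CA certificate $1.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build a constructed one-day CA and server certificate in directory $1.
make_sample_pki() {
    printf '%s\n' '[req]' 'distinguished_name=req' 'x509_extensions=v3' \
        '[v3]' 'basicConstraints=critical,CA:TRUE' > "$1/o.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -config "$1/o.cnf" -days 1 \
        -subj '/CN=Sample CA' -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -config "$1/o.cnf" \
        -subj '/CN=sample-server' -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/server.crt" 2>/dev/null
}

dir=$(mktemp -d)
make_sample_pki "$dir"
for f in ca.crt server.crt server.key; do
    echo "$f: $(pem_kind "$dir/$f")"
done
key_matches_cert "$dir/server.crt" "$dir/server.key" && echo "server.key matches server.crt"
key_matches_cert "$dir/ca.crt" "$dir/server.key" || echo "server.key does not match ca.crt"
chains_to_ca "$dir/ca.crt" "$dir/server.crt" && echo "server.crt chains to ca.crt"
rm -rf "$dir"
```

DH parameters are left out because, per the reply above, they do not need to be imported.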
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.