Multiple Peer Certificate Authorities
-
I change our CA for our OpenVPN Clients. We manage our PKI outside of PfSense and import the Certificates through the Cert Manager. To migrate the Clients step by step i like OpenVPN to accept Clients with Certificates from multiple Certificate Authorities. This is supported by OpenVPN through concatenated PEMs in a File which is referenced by the ca Config Option.
At the Webinterface of pfSense only a Drop-Down List at Peer Certificate Authority is available.
I patched vpn_openvpn_server.php and openvpn.inc to not overwrite the ca File.
It would be nice, if the Webinterface of pfSense supports multiple Peer Certificate Authorities.
I search at redmine, but can not find such a feature Request.
-
Export both CAs certs, then import them as a new single CA with both PEMs included in the import box.
–- begin blahblah ---
blahblah
--- end blahblah ---
--- begin blahblah ---
blahblah
--- end blahblah --- -
Too easy ;)
Tested and fine.
Could this be documented in the Wiki?
