4. Multiple Peer Certificate Authorities

Multiple Peer Certificate Authorities

  • B

    I change our CA for our OpenVPN Clients. We manage our PKI outside of PfSense and import the Certificates through the Cert Manager. To migrate the Clients step by step i like OpenVPN to accept Clients with Certificates from multiple Certificate Authorities. This is supported by OpenVPN through concatenated PEMs in a File which is referenced by the ca Config Option.

    At the Webinterface of pfSense only a Drop-Down List at Peer Certificate Authority is available.

    I patched vpn_openvpn_server.php and openvpn.inc to not overwrite the ca File.

    It would be nice, if the Webinterface of pfSense supports multiple Peer Certificate Authorities.

    I search at redmine, but can not find such a feature Request.

    0
  • Rebel Alliance Developer Netgate

    Export both CAs certs, then import them as a new single CA with both PEMs included in the import box.

    –- begin blahblah ---
    blahblah
    --- end blahblah ---
    --- begin blahblah ---
    blahblah
    --- end blahblah ---

    0
  • B

    Too easy  ;)

    Tested and fine.

    Could this be documented in the Wiki?

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy