New OpenVPN Server with external SSL cert - no export option
SysIT last edited by
I have run into a snag that is driving me nuts, sure as usual it is something small i am missing.
I have several Pfsense boxes, and on them OpenVPN running fine, but i use self signed / generated certs created in Pfsense for my OpenVPN server and users to use as i use
Remote Access TLS/SSL + User Auth
I just put up a new box, but i have a signed SSL cert from RapidSSL i want to use instead, however i am getting the dreaded CA cert match error on the Client Export tab under OpenVPN
NOTE: If you expect to see a certain client in the list but it is not there, it is usually due to a CA mismatch between the OpenVPN server instance and the client certificates found in the User Manager.
I have redone the VPN server about 100 times now as well as the user as well as importing the certs, triple checking all options. using the same cert for both the server and user
I created the CA's and Certificates using my signed .csr and .key files (i also included the primary and secondary root certs in the .csr)
I made sure they are all using 2048bit encryption as that is what the certs were created with.
System: User Manager
I set up the user info and have tried both
Click to create a user certificate. selected and not selected..
Selecting Click to create a user certificate. i choose the Certificate authority as my signed SSL certificate and set a Descriptive name
This how does not show me the export option under
OpenVPN: Client Export Utility
Not sure what i am missing that is not allowing me to use my signed SSL cert for OpenVPN, the OpenVPN service has started and runs fine
Why would you want to do that for your VPN? It gains you nothing and gives you tons of headaches.
That said, the main problems are that the server certificate:
1. Is not a server certificate
2. Does not appear to have your imported CA listed as its issuer
SysIT last edited by
Not sure, was thinking would of been nice, but if it really doesn't offer anything over self signed certs, then no reason for me to do it!
I have been revising my network and consolidating all admin tools under a domain and using https on everything and so thought why not use the cert on VPN since i have it.
I clearly have had the "headache" part of it so far!
Appreciate the response.