Netgate Discussion Forum

New OpenVPN Server with external SSL cert - no export option

  • S
    SysIT
    last edited by Nov 25, 2013, 7:07 PM Nov 25, 2013, 6:37 PM

    Hello gurus,

    I have run into a snag that is driving me nuts; I'm sure, as usual, it is something small I am missing.

    I have several pfSense boxes, and on them OpenVPN is running fine, but I use self-signed / generated certs created in pfSense for my OpenVPN server and users, as I use

    Remote Access TLS/SSL + User Auth

    I just put up a new box, but I have a signed SSL cert from RapidSSL I want to use instead; however, I am getting the dreaded CA cert match error on the Client Export tab under OpenVPN

    NOTE: If you expect to see a certain client in the list but it is not there, it is usually due to a CA mismatch between the OpenVPN server instance and the client certificates found in the User Manager.

    I have redone the VPN server about 100 times now, as well as the user, as well as importing the certs, triple-checking all options, using the same cert for both the server and user.

    I created the CAs and certificates using my signed .csr and .key files (I also included the primary and secondary root certs in the .csr)

    I made sure they are all using 2048-bit encryption, as that is what the certs were created with.

    System: User Manager

    I set up the user info and have tried both

    Click to create a user certificate. selected and not selected..

    Selecting "Click to create a user certificate", I choose the Certificate authority as my signed SSL certificate and set a Descriptive name

    This however does not show me the export option under

    OpenVPN: Client Export Utility

    Not sure what I am missing that is not allowing me to use my signed SSL cert for OpenVPN; the OpenVPN service has started and runs fine

    ¸,ø¤°`°¤ø,¸© Poor Planning On Your Part Does Not Constitute An Emergency On My Part ©¸,ø¤°`°¤ø,¸
    ¸,ø¤°`°¤ø,¸© The trouble with life is there’s no background music ©¸,ø¤°`°¤ø,¸
    ¸,ø¤°`°¤ø,¸© Life isnt short, you're just dead for too long©¸,ø¤°`°¤ø,¸

    • J
      jimp Rebel Alliance Developer Netgate
      last edited by Nov 25, 2013, 8:06 PM

      Why would you want to do that for your VPN? It gains you nothing and gives you tons of headaches.

      That said, the main problems are that the server certificate:
      1. Is not a server certificate
      2. Does not appear to have your imported CA listed as its issuer

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!
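
The two conditions named in the reply above can be checked from a shell with `openssl`. This is an added example, not part of the original thread and not pfSense code; it assumes "server certificate" refers to the serverAuth extended key usage, and every file name and subject in it is constructed for the demo.

```shell
#!/bin/sh
# Added example; every name and file below is constructed for the demo.

# 0 if cert $2 verifies against the CA certificate in $1.
issued_by_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# 0 if cert $1 carries the serverAuth extended key usage.
has_server_eku() {
    openssl x509 -in "$1" -noout -text |
        grep -q 'TLS Web Server Authentication'
}

# Report both checks for CA $1 and cert $2; 0 only if both pass.
check_server_cert() {
    rc=0
    issued_by_ca "$1" "$2" || { echo "FAIL: issuer is not this CA"; rc=1; }
    has_server_eku "$2" || { echo "FAIL: no serverAuth EKU"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: issued by this CA, serverAuth present"
    return "$rc"
}

# Build a throwaway PKI in dir $1: two CAs, a server cert, a user cert.
make_demo_pki() {
    for ca in ca other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo $ca" \
            -keyout "$1/$ca.key" -out "$1/$ca.pem" 2>/dev/null
    done
    printf 'extendedKeyUsage=serverAuth\n' > "$1/server.ext"
    printf 'extendedKeyUsage=clientAuth\n' > "$1/user.ext"
    for n in server user; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=demo $n" \
            -keyout "$1/$n.key" -out "$1/$n.csr" 2>/dev/null
        openssl x509 -req -in "$1/$n.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
            -CAcreateserial -days 1 -extfile "$1/$n.ext" -out "$1/$n.pem" 2>/dev/null
    done
}

# Demo run on the constructed PKI.
demo=$(mktemp -d) && make_demo_pki "$demo"
check_server_cert "$demo/ca.pem" "$demo/server.pem" || true     # both pass
check_server_cert "$demo/ca.pem" "$demo/user.pem" || true       # no serverAuth
check_server_cert "$demo/other.pem" "$demo/server.pem" || true  # wrong CA
rm -rf "$demo"
```

Against real files, pass the CA certificate exported from the Cert Manager as the first argument and the server certificate as the second.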

      • S
        SysIT
        last edited by Nov 25, 2013, 9:15 PM

        Not sure, was thinking it would have been nice, but if it really doesn't offer anything over self-signed certs, then no reason for me to do it!

        I have been revising my network and consolidating all admin tools under a domain and using https on everything, and so thought why not use the cert on VPN since I have it.

        I clearly have had the "headache" part of it so far!

        Appreciate the response.

        ¸,ø¤°`°¤ø,¸© Poor Planning On Your Part Does Not Constitute An Emergency On My Part ©¸,ø¤°`°¤ø,¸
        ¸,ø¤°`°¤ø,¸© The trouble with life is there’s no background music ©¸,ø¤°`°¤ø,¸
        ¸,ø¤°`°¤ø,¸© Life isnt short, you're just dead for too long©¸,ø¤°`°¤ø,¸

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.