Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    New OpenVPN Server with external SSL cert - no export option

    OpenVPN
    2
    3
    1737
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      SysIT
      last edited by

      Hello guru's,

      I have run into a snag that is driving me nuts, sure as usual it is something small i am missing.

      I have several Pfsense boxes, and on them OpenVPN running fine, but i use self signed / generated certs created in Pfsense for my OpenVPN server and users to use as i use

      Remote Access TLS/SSL + User Auth

      I just put up a new box, but i have a signed SSL cert from RapidSSL i want to use instead, however i am getting the dreaded CA cert match error on the Client Export tab under OpenVPN

      NOTE: If you expect to see a certain client in the list but it is not there, it is usually due to a CA mismatch between the OpenVPN server instance and the client certificates found in the User Manager.

      I have redone the VPN server about 100 times now as well as the user as well as importing the certs, triple checking all options. using the same cert for both the server and user

      I created the CA's and Certificates using my signed .csr and .key files (i also included the primary and secondary root certs in the .csr)

      I made sure they are all using 2048bit encryption as that is what the certs were created with.

      System: User Manager

      I set up the user info and have tried both

      Click to create a user certificate. selected and not selected..

      Selecting  Click to create a user certificate. i choose the Certificate authority as my signed SSL certificate and set a Descriptive name

      This how does not show me the export option under

      OpenVPN: Client Export Utility

      Not sure what i am missing that is not allowing me to use my signed SSL cert for OpenVPN, the OpenVPN service has started and runs fine

      ¸,ø¤°`°¤ø,¸© Poor Planning On Your Part Does Not Constitute An Emergency On My Part ©¸,ø¤°`°¤ø,¸
      ¸,ø¤°`°¤ø,¸© The trouble with life is there’s no background music ©¸,ø¤°`°¤ø,¸
      ¸,ø¤°`°¤ø,¸© Life isnt short, you're just dead for too long©¸,ø¤°`°¤ø,¸

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Why would you want to do that for your VPN? It gains you nothing and gives you tons of headaches.

        That said, the main problems are that the server certificate:
        1. Is not a server certificate
        2. Does not appear to have your imported CA listed as its issuer

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • S
          SysIT
          last edited by

          Not sure, was thinking would of been nice, but if it really doesn't offer anything over self signed certs, then no reason for me to do it!

          I have been revising my network and consolidating all admin tools under a domain and using https on everything and so thought why not use the cert on VPN since i have it.

          I clearly have had the "headache" part of it so far!

          Appreciate the response.

          ¸,ø¤°`°¤ø,¸© Poor Planning On Your Part Does Not Constitute An Emergency On My Part ©¸,ø¤°`°¤ø,¸
          ¸,ø¤°`°¤ø,¸© The trouble with life is there’s no background music ©¸,ø¤°`°¤ø,¸
          ¸,ø¤°`°¤ø,¸© Life isnt short, you're just dead for too long©¸,ø¤°`°¤ø,¸

          1 Reply Last reply Reply Quote 0
          • First post
            Last post