SSL/TLS + User Auth with Local User Manager & External Cert Creation



  • Is it possible to use PFS' internal 'User Manager' with OpenVPN's setting of 'SSL/TLS + User Auth' when all certs are created externally and NOT contained in the user's profile?

    I would like for OpenVPN to match the CN of the certificate with the user name in the local database and authenticate against it. How can I accomplish that?


  • Rebel Alliance Developer Netgate

    Yes that works OK but you could not use the client export package with such a setup.

    The CN matching is done using the certificate presented by the client at login, it doesn't matter if it was generated by pfsense or external, it checks the CN of that cert with the username.



  • I never did update this post…. everything is working well.
    Thanks, jimp!


Log in to reply