Text only | Text with Images

OPNsense Forum

English Forums => General Discussion => Topic started by: vivekmauli14 on November 08, 2024, 08:31:33 AM

Title: Missing .crt Download Option in CA Management (OPNsense 24.7)
Post by: vivekmauli14 on November 08, 2024, 08:31:33 AM
I've recently migrated a user's device to OPNsense 24.7 and noticed that the CA management interface has transitioned from legacy code to MVC. While generating a certificate, I can't seem to find the option to download the .crt file, which was available in previous versions. This is critical for his setup as we rely on accessing the .crt for distribution and further integration.

I've checked available documentation from OPNsense and Zenarmor, but they all reference the older interface where the .crt download option is still mentioned. Have I missed an alternative method for downloading the certificate in 24.7, or is this functionality being updated in an upcoming release?

If there are any new best practices or workflows for managing certificates with this update, I'd appreciate any guidance or references.

Best,
VivekSP
Title: Re: Missing .crt Download Option in CA Management (OPNsense 24.7)
Post by: Monviech (Cedrik) on November 08, 2024, 09:15:56 AM
You can just rename ".pem" to ".crt" after downloading the file when using "certificate" as download option. Its the same.
Title: Re: Missing .crt Download Option in CA Management (OPNsense 24.7)
Post by: vivekmauli14 on November 08, 2024, 11:47:32 AM
Hi,
I was actually trying to setup web proxy and I faced several issues while setting it up, I was wandering if this was the case, In my research came across this for the understanding of certs, https://stackoverflow.com/questions/63195304/difference-between-pem-crt-key-files (https://stackoverflow.com/questions/63195304/difference-between-pem-crt-key-files)

I also tried renaming the file from pem to crt but it wasn't of any help. Incase you can guide in this matter further would be of great help.

Thanks!
Title: Re: Missing .crt Download Option in CA Management (OPNsense 24.7)
Post by: Monviech (Cedrik) on November 08, 2024, 11:54:21 AM
What you need depends on what your application expects.

Some want a certificate bundle. Some want seperate files for CA and Leaf Certificate and Private Key.

Without knowing whats expected its hard to give a suggestion what to do.



Title: Re: Missing .crt Download Option in CA Management (OPNsense 24.7)
Post by: franco on November 08, 2024, 12:35:59 PM
In general ".pem" means PEM format, ".crt" means PEM or DER format, but as Cedrik said some applications expect only DER for .crt and worst case a PEM in MS line ending format. OpenSSL conversion utilities are your friend here.

https://www.ssl.com/guide/pem-der-crt-and-cer-x-509-encodings-and-conversions/


Cheers,
Franco
Title: Re: Missing .crt Download Option in CA Management (OPNsense 24.7)
Post by: vivekmauli14 on November 18, 2024, 09:35:34 AM
Hii Franco,

Im perticularly facing the issue while configuring the web filter using squid and OPNproxy. This is the same issue I had raised here: https://forum.opnsense.org/index.php?topic=41817.msg205619#msg205619 (https://forum.opnsense.org/index.php?topic=41817.msg205619#msg205619) , .PEM is getting installed but while browsing it is popping up with error that not able to reach the site.

Best,
VivekSP
Text only | Text with Images