I operate my own root and intermediate CA and would like to use a certificate for the Syslog client (TLS). I have taken the following steps:
- I imported the certificates of both CAs into OPNsense (System: Trust: Authorities)
- Created a CSR for a leaf certificate in OPNsense (System: Trust: Certificates)
- Signed the CSR with my intermediate CA.
- Opened the CSR for editing in OPNsense and inserted the PEM data of the certificate.
- When I try to save the new certificate, I get the error message "Invalid X509 certificate provided: error 20 at 0 depth lookup: unable to get local issuer certificate".
I performed this process some time ago and had no problems. Unfortunately, I cannot find any documentation for my request. I would be very grateful if someone could help. Thanks in advance.
I have not tested this on my own, so this is me just guessing a few things worth checking.
- Is the time correct on all systems?
- Are your Root CA and Intermediate CA still valid?
- Might you have used a different Intermediate CA to sign the CSR than the one you imported into OPNsense?
- Check content of all involved certificates with 'openssl x509 -noout -text -in /path/to.pem | less'
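
Added example, not part of either post above: OpenSSL's verify error 20 at depth 0 means no issuer for the leaf was found among the supplied CAs. The script below reproduces it with a constructed chain (all names, subjects and paths are made up for the demo) and prints the fields worth comparing: leaf issuer, intermediate subject and intermediate expiry.

```shell
#!/bin/sh
# Added example: reproduce and diagnose "error 20 at 0 depth lookup".
# Every certificate, subject and path here is constructed for the demo.

# check_chain ROOT INTERMEDIATE LEAF -> exit 0 only if the leaf chains to the root
check_chain() {
    echo "leaf issuer:          $(openssl x509 -noout -issuer -in "$3")"
    echo "intermediate subject: $(openssl x509 -noout -subject -in "$2")"
    echo "intermediate expiry:  $(openssl x509 -noout -enddate -in "$2")"
    # -untrusted supplies the intermediate; only the root is a trust anchor
    openssl verify -CAfile "$1" -untrusted "$2" "$3"
}

# make_demo_chain DIR: root, two intermediates (a, b), and a leaf signed by "a"
make_demo_chain() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Root" \
        -keyout "$d/root.key" -out "$d/root.csr" 2>/dev/null
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 30 \
        -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null
    for n in a b; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate $n" \
            -keyout "$d/int-$n.key" -out "$d/int-$n.csr" 2>/dev/null
        openssl x509 -req -in "$d/int-$n.csr" -CA "$d/root.pem" \
            -CAkey "$d/root.key" -CAcreateserial -days 30 \
            -extfile "$d/ca.ext" -out "$d/int-$n.pem" 2>/dev/null
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=syslog-client.example" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int-a.pem" \
        -CAkey "$d/int-a.key" -CAcreateserial -days 30 \
        -out "$d/leaf.pem" 2>/dev/null
}

d=$(mktemp -d) && make_demo_chain "$d"
# Correct intermediate: the chain builds and verifies
check_chain "$d/root.pem" "$d/int-a.pem" "$d/leaf.pem"
# Different intermediate than the one that signed the leaf: error 20 at depth 0
check_chain "$d/root.pem" "$d/int-b.pem" "$d/leaf.pem" \
    || echo "chain does not build with this intermediate"
```

Against real files, call `check_chain` with the root, intermediate and leaf PEM paths exported from your own CA.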