Hi their.
I operate my own CA, imported in OPNsense and would like to use a certificate for OpenVPN Server. I have taken the following steps:
- I imported the certificate of my CA into OPNsense (System: Trust: Authorities)
- Created a CSR for a leaf certificate in OPNsense (System: Trust: Certificates)
- Signed the CSR with my intermediate CA.
- Opened the CSR for editing in OPNsense and inserted the PEM data of the certificate.
- When I try to save the new certificate, I get the error message "Invalid X509 certificate provided: error 20 at 0 depth lookup: unable to get local issuer certificate".
Unfortunately, the list of certificates shows "self-signed" in the "Issuer" column instead of the name of my CA. I cannot select my CA in OPNsense, either when creating the CSR or when importing. The problem is becoming somewhat urgent because I only have 4 days left to replace the certificate that was imported in the same way 3 years ago with a new one. Thanks in advance!
Save the private key of the CSR. Then remove the CSR and import a new certificate by inserting the cert data and the private key.
Quote from: viragomann on August 20, 2025, 09:55:29 PMSave the private key of the CSR. Then remove the CSR and import a new certificate by inserting the cert data and the private key.
Thank you, that helps me a lot.