OPNsense Forum

English Forums => General Discussion => Topic started by: nsky on November 05, 2024, 05:38:31 pm

Title: Client certificates (mTLS) in Caddy plugin
Post by: nsky on November 05, 2024, 05:38:31 pm
Hi,

am I right, that the Caddy reverse proxy plugin (https://github.com/opnsense/plugins/tree/master/www/caddy) currently has no possibility to configure TLS client certificates through the GUI?

If yes, my approach would be to add a custom config file, since the generated Caddyfile imports anything from /usr/local/etc/caddy/caddy.d/*.conf.

But for this, I need to know where OPNsense stores the generated CAs and certificates when using System --> Security to create them. Can someone tell me where they are stored? I need the file path to provide them in the Caddy config...

Thanks and best regards
Title: Re: Client certificates (mTLS) in Caddy plugin
Post by: Monviech (Cedrik) on November 05, 2024, 06:01:49 pm
https://github.com/opnsense/plugins/issues/4089

PRs welcome, all the framework is there. It should be very easy to add to the GUI.

There is a script that will automatically extract certificates from System - Trust for caddy here:

https://github.com/opnsense/plugins/blob/bb69d4653746320c0bf4363eb42f63906b5584e8/www/caddy/src/opnsense/scripts/OPNsense/Caddy/caddy_certs.php#L35

It runs automatically when caddy reloads or starts so the certs are all there.
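An added example of what such a drop-in file could look like, written by the editor and not taken from the thread or from the plugin itself. It uses the standard Caddyfile tls/client_auth directives; the file name mtls.conf, the hostname, the upstream address and the CA file path are assumptions (the thread does not state where the extracted certificates end up, so the path must be taken from the caddy_certs.php script linked above and substituted):

```caddyfile
# /usr/local/etc/caddy/caddy.d/mtls.conf  (file name is an assumption)
# Picked up automatically via the generated Caddyfile's import of caddy.d/*.conf.

# Hostname and upstream are placeholders.
mtls.example.org {
	tls {
		client_auth {
			# require_and_verify: a client certificate is mandatory AND it must
			# chain to one of the trusted CAs below. Weaker modes (request,
			# require, verify_if_given) let connections through without a
			# verified client cert, so do not use them for access control.
			mode require_and_verify

			# Path is a placeholder: point it at the CA PEM that the plugin's
			# caddy_certs.php script extracts from System - Trust.
			trusted_ca_cert_file /usr/local/etc/caddy/certificates/client-ca.pem
		}
	}

	# Upstream address is a placeholder.
	reverse_proxy 192.0.2.10:8443
}
```

Two checks worth doing after a reload: a request without a client certificate must be rejected during the TLS handshake (curl reports an alert such as "certificate required" rather than receiving an HTTP response), and a request with `curl --cert client.pem --key client.key https://mtls.example.org/` must succeed. If the first check returns a page, the mode is not require_and_verify or the block is not being imported. Because the CA file is rewritten whenever Caddy reloads, a CA added or replaced in System - Trust only takes effect once the Caddy service has been reloaded through the plugin.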