OPNsense Forum

English Forums => General Discussion => Topic started by: SynAck on May 25, 2018, 05:16:01 am

Title: Certificate + PK -> Encrypt w/Password?
Post by: SynAck on May 25, 2018, 05:16:01 am
I am trying to use an internal OPNsense CA to create a certificate for another device. I've created the certificate and exported the cert + key in the PKCS #12 format, however the device won't allow an import without supplying the password for the private key. If I leave it blank, it just tells me I have to include the password -- there is no option to "import certificate without a password".

I've gone through the certificate screens in OPNsense and I don't see a way to encrypt a key with a password prior to export. Is this something that can be done?
Title: Re: Certificate + PK -> Encrypt w/Password?
Post by: FredTGB on August 03, 2018, 09:09:36 am
Hello,

I second this request, for user certificates.
I've created Mobile client VPN settings, and the usual way to create configurations for VPN Client users is to provide an encrypted p12 file.

Thanks,

Fred.
Title: Re: Certificate + PK -> Encrypt w/Password?
Post by: mimugmail on August 03, 2018, 02:44:14 pm
Can you try it via PowerShell?

Import-PfxCertificate -FilePath C:\pfxcert.pfx cert:\localMachine\my

Password should be optional via PS.
Title: Re: Certificate + PK -> Encrypt w/Password?
Post by: FredTGB on August 06, 2018, 08:38:06 am
The generated .p12 is OK, and can be imported without password.

The suggestion is to have the possibility to specify a password. This is necessary, for security reasons, when you'd like to distribute certificates to users (in my case VPN users).

Regards,

Fred.
Title: Re: Certificate + PK -> Encrypt w/Password?
Post by: mimugmail on August 06, 2018, 09:36:40 am
Can you open a feature request in github/core?
I don't think it will be done pre-MVC rewrite ...
Title: Re: Certificate + PK -> Encrypt w/Password?
Post by: FredTGB on August 06, 2018, 11:46:04 am
Done as #2609.