OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of treadnaught »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - treadnaught

Pages: [1]
1
General Discussion / Re: Intermediate CA for OpenVPN Clients' Certificates
« on: June 30, 2023, 01:12:36 pm »
Franco,

Thanks for your quick reply. I will definitely put in a feature request on the github page once I get the Intermediate CA set up on my OPNsense device.

For the Intermediate CA request, are there any specific OIDs that I need to include for the firewall to accept the CA cert for use? Only reason I ask is that the web server certificate required the Netscape SSL Server OID before it would work on the web server.

Thank you in advance for your time,
Treadnaught

2
General Discussion / Intermediate CA for OpenVPN Clients' Certificates
« on: June 29, 2023, 04:42:19 am »
Good evening!

Firstly, just wanted to say that I am really appreciative of all the work done by the dev team and community members that brought OPNsense to where it is now. Thank you all for what you do.

Problem set:
I'm trying to set up an intermediate Certificate Authority to issue certificates for OpenVPN clients for remote access that I'm going to be implementing soon, but I've already got an external CA for the beginning of my chain of trust and do not wish to generate a new internal root CA.

The road warrior documentation covers setting up an internal root CA and then generating an intermediate CA based off of that local root CA, but I would like to set up an intermediate CA that is signed by my internal root CA so I won't have to import another root CA certificate to trust.

Searching the forums previously has not yielded anything of this nature that I could find so far.

Whenever I go to System > Trust > Authorities, I have my root CA configured as the top of the chain, but when attempting to create an intermediate CA, it does not give me the option to generate a CSR to take to my root CA for issuing. Is there a way to generate a CSR somewhere in the web UI that I'm not finding? Or is there a list of requirements for the CSR that I can use to generate the request on the OPNsense firewall?

Thank you in advance for your time,
Treadnaught

P.S. Perhaps this could be turned into a feature request sometime down the road for anyone else as crazy as I am.

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2