Messages

I'd like to use pkcs12 files as they are encrypted with a password. Today I installed version 23.7 in a virtual machine to compare the old certificates (which has included the CA certificate) with those which I created using the openssl CLI. While the ordering of the certificates in the bundle are the same, the old one seem to use legacy providers. Apart from that I can't see any difference.

Is there any reason why the CA certificate is not included in the pkcs12 bundle anymore?

Hello,

about a year ago I changed my WLAN to use EAP-TLS authentication with self signed certificates from OPNsense. For this I created a root CA with which I issued a server certificate and for each device a client certificate. Everything worked flawlessly. Recently the certificates expired and because of this I thought I renew the whole process and I created a new root CA, a new server certificate and a new client certificate for an Android device.

But something seems to be different. The last time I was able to download a certificate bundle for the server certificate and the client certificate which included also the CA certificate. In some version (24.1?) the GUI has changed, there's now a dialog to select what should be downloaded. When selecting PKCS#12 it seems to be nearly the same but the CA certificate is missing so the certificate chain is incomplete. When installing the certificate on the Android device it doesn't even connect to the Radius server so it seems the server certificate is not accepted for the connection.

I spent a few hours trying to find out how to accomplish the same certificate bundle (as before) using the OpenSSL CLI but failed doing so. I've got some PKCS#12 certificates but did not get it to work on the Android device. I guess that the root cause is the order of the certificates in the bundle but I don't get it right. Any advice?

This is the command which I used recently:

openssl pkcs12 -export -inkey server_prv.pem -in server_crt.pem -certfile root_crt.pem -out servercert.p12

I have exactly the same issue after update to 24.1.2. Didn't test 24.1.1 because I updated from 23.x. In my case it seems to be a DNS issue as when using the ip address instead of the hostname it works without any flaws. I use RDP over VPN.

Same here, but I was overwhelmed with the many options without any tutorial. Is the tutorial for the new "Connections" tab being extended for EAP-TLS in the near future?