Certificate + PK -> Encrypt w/Password?

[SynAck]

I am trying to use an internal opnsense CA to create a certificate for another device. I've created the certificate and exported the cert + key in the PKCS #12 format, however the device won't allow an import without supplying the password for the private key. If I leave it blank, it just tells me I have to include the password -- there is no option to "import certificate without a password".

I've gone through the certificate screens in opnsense and I don't see a way to encrypt a key with a password prior to export. Is this something that can be done?

[FredTGB]

Hello,

I second this request, for user certificates.
I've created a Mobile client VPN settings, and the usual way to create configurations for VPN Client users is to provide an encrypted p12 file.

Thanks,

Fred.

[mimugmail]

Can you try it via PowerShell?

Import-PfxCertificate –FilePath C:\pfxcert.pfx cert:\localMachine\my

Password should be optional via PS.

[FredTGB]

The generated .p12 is Ok, and can be imported without password.

The suggestion is to have the possibility to specify a password. This is necessary, for security reasons, when you'd like to distribute certificates to users (in my case VPN users).

Regards,

Fred.

[mimugmail]

Can you open a feature request in github/core?
I dont think will be done pre-MVC rewrite ...

[FredTGB]

Done as #2609.