Certificate + PK -> Encrypt w/Password?

SynAck · May 25, 2018, 05:16:01 AM

I am trying to use an internal opnsense CA to create a certificate for another device. I've created the certificate and exported the cert + key in the PKCS #12 format, however the device won't allow an import without supplying the password for the private key. If I leave it blank, it just tells me I have to include the password -- there is no option to "import certificate without a password".

I've gone through the certificate screens in opnsense and I don't see a way to encrypt a key with a password prior to export. Is this something that can be done?

FredTGB · August 03, 2018, 09:09:36 AM

Hello,

I second this request, for user certificates.
I've created a Mobile client VPN settings, and the usual way to create configurations for VPN Client users is to provide an encrypted p12 file.

Thanks,

Fred.

mimugmail · August 03, 2018, 02:44:14 PM

Can you try it via PowerShell?

Import-PfxCertificate –FilePath C:\pfxcert.pfx cert:\localMachine\my

Password should be optional via PS.

FredTGB · August 06, 2018, 08:38:06 AM

The generated .p12 is Ok, and can be imported without password.

The suggestion is to have the possibility to specify a password. This is necessary, for security reasons, when you'd like to distribute certificates to users (in my case VPN users).

Regards,

Fred.

mimugmail · August 06, 2018, 09:36:40 AM

Can you open a feature request in github/core?
I dont think will be done pre-MVC rewrite ...

FredTGB · August 06, 2018, 11:46:04 AM

Done as #2609.

Certificate + PK -> Encrypt w/Password?

SynAck

May 25, 2018, 05:16:01 AM

FredTGB

August 03, 2018, 09:09:36 AM #1

mimugmail

August 03, 2018, 02:44:14 PM #2

FredTGB

August 06, 2018, 08:38:06 AM #3

mimugmail

August 06, 2018, 09:36:40 AM #4

FredTGB

August 06, 2018, 11:46:04 AM #5