Netgate Store

Author Topic: Cert Manager Export Password  (Read 2871 times)

0 Members and 1 Guest are viewing this topic.

Offline michaelschefczyk

  • Jr. Member
  • **
  • Posts: 76
  • Karma: +1/-0
    • View Profile
Cert Manager Export Password
« on: May 25, 2015, 06:20:57 pm »
Dear Developers,

It would enhance productivity (e. g., when working with client certificates via FreeRADIUS or HAProxy) if the Cert Manager in general could allow picking an export password for p12 password packages downloaded. OpenVPN Client Export contains a very nice model for this, but it is focused on OpenVPN as the only (very worthwhile) purpose.

Regards,

Michael

Offline harbord

  • Newbie
  • *
  • Posts: 2
  • Karma: +4/-0
    • View Profile
Re: Cert Manager Export Password
« Reply #1 on: December 13, 2015, 11:20:25 am »
Hi,

I would like to use pfSense User Manager and Certificate Manager to create a user and associated certificate for certificate based authentication for EAP-TLS WiFi and IKEv2.

When importing a .p12 certificate identity into OS X Keychain Access .p12 file a password is required. However the pfSense User Manager and Certificate Manager does not provide an option to specify the password for the .p12 file.

How can an password be specified for an .p12 export ?

Offline awair

  • Jr. Member
  • **
  • Posts: 90
  • Karma: +2/-2
    • View Profile
Re: Cert Manager Export Password
« Reply #2 on: January 03, 2017, 01:39:28 am »
I have this same issue on 2.3.2_1. Is there a solution or workaround?
2.4.3 (amd64)
and given up on the SG-1000

Online johnpoz

  • Hero Member
  • *****
  • Posts: 16026
  • Karma: +1529/-221
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Cert Manager Export Password
« Reply #3 on: January 03, 2017, 04:26:33 pm »
I just add the password using openssl.  I think one of the work arounds is using the vpn export client.  I recall someone saying you could do it that way.  But just simple openssl command to add a password to your certs and just combine them into a .p12

I thought I added this to doc file..
Yeah I did
https://doc.pfsense.org/index.php/Using_EAP_and_PEAP_with_FreeRADIUS

Client Requires password on .p12

    If your client will not load the .p12 without a password on it, and space does not work you can add a password with openssl
    Just download user cert and key vs the p12 and with the ca cert use the following command
    openssl pkcs12 -export -certfile ca.crt -in user.crt -inkey user.key -out user.p12


I use this to use eap-tls on my iphone and ipad - ios requires a password.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.3-RELEASE (work)
1x SG-3100 2.4.3-RELEASE (work)
1x SG-4860 2.4.3-RELEASE-p1 (home)

Offline Dudleydogg

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: Cert Manager Export Password
« Reply #4 on: April 16, 2018, 03:21:01 pm »
I just add the password using openssl.  I think one of the work arounds is using the vpn export client.  I recall someone saying you could do it that way.  But just simple openssl command to add a password to your certs and just combine them into a .p12

I thought I added this to doc file..
Yeah I did
https://doc.pfsense.org/index.php/Using_EAP_and_PEAP_with_FreeRADIUS

Client Requires password on .p12

    If your client will not load the .p12 without a password on it, and space does not work you can add a password with openssl
    Just download user cert and key vs the p12 and with the ca cert use the following command
    openssl pkcs12 -export -certfile ca.crt -in user.crt -inkey user.key -out user.p12


I use this to use eap-tls on my iphone and ipad - ios requires a password.

Actually you can export a P 12 Right from PFsense, Then import that into Windows but just be sure to check "Mark this Key as Exportable"  Then go Export the Cert and set a password.

Online johnpoz

  • Hero Member
  • *****
  • Posts: 16026
  • Karma: +1529/-221
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Cert Manager Export Password
« Reply #5 on: April 16, 2018, 03:38:50 pm »
Yeah you can do it that way as well.  But there is no way that I know of to set the password as you export the p12 in cert manager on pfsense with password already on it.  You can do it in the openvpn export, but that is also a work around.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.3-RELEASE (work)
1x SG-3100 2.4.3-RELEASE (work)
1x SG-4860 2.4.3-RELEASE-p1 (home)

Offline stkfrm

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: Cert Manager Export Password
« Reply #6 on: May 01, 2018, 11:47:32 am »
Just wanted to note I submitted a bug to request some joy on this: https://redmine.pfsense.org/issues/8492

It's been helpful to have workarounds but they range from inconsistently effective to tedious.