
associating user and certificate

Open burghy86 opened this issue 1 year ago • 7 comments

Hello. I have updated OPNsense to the latest version 24.7. I have a problem associating a certificate with the local user. When I click "+" on "user certificate," it takes me to the "trust" section, and the tab to create a new certificate opens. In that section, I cannot choose an already created one, and if I create a new certificate, it still remains unused.

How to associate an openvpnclient certificate and export an ovpn config file with a correct certificate?

To Reproduce

Steps to reproduce the behavior:

  1. Go to 'user'
  2. Click on 'root' and edit
  3. Click + on user certificates
  4. Association of trust and user is not possible

Versions

OPNsense 24.7.3_1-amd64
FreeBSD 14.1-RELEASE-p3
OpenSSL 3.0.14

burghy86 avatar Sep 06 '24 08:09 burghy86

Thank you for creating an issue. Since the ticket doesn't seem to be using one of our templates, we're marking this issue as low priority until further notice.

For more information about the policies for this repository, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

The easiest option to gain traction is to close this ticket and open a new one using one of our templates.

OPNsense-bot avatar Sep 06 '24 09:09 OPNsense-bot

I've read the other issues. I understand that you need to create a certificate with the same name as the user, and then it auto-associates. It's not very clear, but it's fine; I've tried it, and it works great. It will definitely be a problem if I want multiple certificates for the same user.

burghy86 avatar Sep 06 '24 09:09 burghy86

This is a really big step back in usability.

jl-stellar avatar Sep 30 '24 14:09 jl-stellar

CNs must match, certificates are not "manually" linked... it was said elsewhere a few times now.

fichtner avatar Oct 16 '24 12:10 fichtner

https://forum.opnsense.org/index.php?topic=43306.0

chimmmpie avatar Oct 17 '24 12:10 chimmmpie

With the older versions of OPNsense, I have users linked to the Windows LDAP domain. If the users are part of the _vpn group, then they can connect. However, there is only one certificate. Will this still be possible?

burghy86 avatar Oct 18 '24 15:10 burghy86

> With the older versions of OPNsense, I have users linked to the Windows LDAP domain. If the users are part of the _vpn group, then they can connect. However, there is only one certificate. Will this still be possible?

Yes, nothing changed with the group membership checks.

AdSchellevis avatar Oct 18 '24 15:10 AdSchellevis

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue, just let us know, so we can reopen the issue and assign an owner to it.

OPNsense-bot avatar Mar 05 '25 08:03 OPNsense-bot

Is there now a way to associate the same certificate to multiple users?

chimmmpie avatar Mar 05 '25 08:03 chimmmpie

Not in our plans. Different entities, different purposes.

AdSchellevis avatar Mar 05 '25 08:03 AdSchellevis

Is there a way to associate multiple certificates to the same user?

chimmmpie avatar Mar 05 '25 08:03 chimmmpie