On Sat, Jan 24, 2015 at 1:03 PM, Randy Bush <ra...@psg.com> wrote: > 2.2-RELEASE (i386) > > the book does not cover user certs. [yes, i donated by payng for gold] > and https://doc.pfsense.org/index.php/User_Manager is not very helpful. > > if i go to create user, it offers to create a user cert, by default off > the openvpn client ca. but i live in a world which already has a cert > universe, so i already have a user cert descending from the same ca > which signed the https cert. > > once the user has been created, i can go back and edit user and this > time it takes me to the cert paste page. but that lets me paste a cert > but also demands teh key. the user should not have their key anywhere > but on their very private machine. > > so color me confused on how to use a cert as a user credential. >
The cert, in that context, is intended for where you're managing the certs entirely within the built-in cert manager. Then it's used for OpenVPN Client Export from there, where it must have the key. I can't think of any current use of that functionality outside of that. If you're using user certs generated elsewhere, no need to import the certs into the user manager at all. There a requirement for that somewhere that I'm missing? _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold