Re: [pfSense] user certs
2015-01-30 4:07 GMT-02:00 A Mohan Rao mohanra...@gmail.com: any bod help which version is use squid and squid guard in pfsense 2.2 amd 64 Please, start your own thread. -- Thiago Coutinho O povo não deveria temer o governo. O governo é quem deveria temer o povo. V de Vingança ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] user certs
https://vtllf.org/blog/ssh-web-sign-in :) 2015-01-29 15:55 GMT-02:00 Chris Buechler c...@pfsense.com: On Thu, Jan 29, 2015 at 9:12 AM, Randy Bush ra...@psg.com wrote: Randy (and I, since I suggested it to him) was under the impression that it was possible to use client-side certificates to access the UI, since password authentication, however filtered, is not always good / secure enough. seems downright quaint to have a security product that uses passwords Ok, that's more along the lines of what I was thinking. Yeah that would be a nice feature, definitely something we're interested in supporting in the future. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold -- Thiago Coutinho O povo não deveria temer o governo. O governo é quem deveria temer o povo. V de Vingança ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] user certs
Randy (and I, since I suggested it to him) was under the impression that it was possible to use client-side certificates to access the UI, since password authentication, however filtered, is not always good / secure enough. seems downright quaint to have a security product that uses passwords randy ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] user certs
Chris Buechler (cmb) writes: If you're using user certs generated elsewhere, no need to import the certs into the user manager at all. There a requirement for that somewhere that I'm missing? Randy (and I, since I suggested it to him) was under the impression that it was possible to use client-side certificates to access the UI, since password authentication, however filtered, is not always good / secure enough. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] user certs
On Thu, Jan 29, 2015 at 9:12 AM, Randy Bush ra...@psg.com wrote: Randy (and I, since I suggested it to him) was under the impression that it was possible to use client-side certificates to access the UI, since password authentication, however filtered, is not always good / secure enough. seems downright quaint to have a security product that uses passwords Ok, that's more along the lines of what I was thinking. Yeah that would be a nice feature, definitely something we're interested in supporting in the future. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] user certs
any bod help which version is use squid and squid guard in pfsense 2.2 amd 64 On Thu, Jan 29, 2015 at 11:25 PM, Chris Buechler c...@pfsense.com wrote: On Thu, Jan 29, 2015 at 9:12 AM, Randy Bush ra...@psg.com wrote: Randy (and I, since I suggested it to him) was under the impression that it was possible to use client-side certificates to access the UI, since password authentication, however filtered, is not always good / secure enough. seems downright quaint to have a security product that uses passwords Ok, that's more along the lines of what I was thinking. Yeah that would be a nice feature, definitely something we're interested in supporting in the future. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] user certs
On Sat, Jan 24, 2015 at 1:03 PM, Randy Bush ra...@psg.com wrote: 2.2-RELEASE (i386) the book does not cover user certs. [yes, i donated by payng for gold] and https://doc.pfsense.org/index.php/User_Manager is not very helpful. if i go to create user, it offers to create a user cert, by default off the openvpn client ca. but i live in a world which already has a cert universe, so i already have a user cert descending from the same ca which signed the https cert. once the user has been created, i can go back and edit user and this time it takes me to the cert paste page. but that lets me paste a cert but also demands teh key. the user should not have their key anywhere but on their very private machine. so color me confused on how to use a cert as a user credential. The cert, in that context, is intended for where you're managing the certs entirely within the built-in cert manager. Then it's used for OpenVPN Client Export from there, where it must have the key. I can't think of any current use of that functionality outside of that. If you're using user certs generated elsewhere, no need to import the certs into the user manager at all. There a requirement for that somewhere that I'm missing? ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] user certs
2.2-RELEASE (i386) the book does not cover user certs. [yes, i donated by payng for gold] and https://doc.pfsense.org/index.php/User_Manager is not very helpful. if i go to create user, it offers to create a user cert, by default off the openvpn client ca. but i live in a world which already has a cert universe, so i already have a user cert descending from the same ca which signed the https cert. once the user has been created, i can go back and edit user and this time it takes me to the cert paste page. but that lets me paste a cert but also demands teh key. the user should not have their key anywhere but on their very private machine. so color me confused on how to use a cert as a user credential. randy ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold