/usr/local.org

User Tools

Site Tools

You are here: Home » Documents » Tips 'n tricks (IT) » ipfire
docs:tips_n_tricks:ipfire.html

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revisionBoth sides next revision
docs:tips_n_tricks:ipfire.html [18.02.2015 16:22 CET] – created peterdocs:tips_n_tricks:ipfire.html [27.10.2018 19:09 CEST] peter
Line 11: Line 11:
   * As you don't have a CA Key on the ipfire, you can't generate client certificate, but you must import them. Starting point is still the "Add" button in the client list, just use the "upload" feature instead of "generate ...".   * As you don't have a CA Key on the ipfire, you can't generate client certificate, but you must import them. Starting point is still the "Add" button in the client list, just use the "upload" feature instead of "generate ...".
   * When creating client certificates by //TinyCA2//, pay attention to unset the "add email address to CN" checkbox when signing the request (i.e. creating the certificate) as ipfire obviously can't cope with that extension and throws an internal server error when using the cn value as filename, which contains a slash.   * When creating client certificates by //TinyCA2//, pay attention to unset the "add email address to CN" checkbox when signing the request (i.e. creating the certificate) as ipfire obviously can't cope with that extension and throws an internal server error when using the cn value as filename, which contains a slash.
 +
 +===== Bugs =====
 +==== IPFire 2.17 (i586) - Core Update 98  ====
 +  * If a clients certificate subject consists **only** of the comon name (CN), TLS verification will fail due to the regular expression used in ''/usr/lib/openvpn/verify'' to get the value of CN=...
 +
docs/tips_n_tricks/ipfire.html.txt · Last modified: 09.10.2023 14:42 CEST by peter
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki