User Tools

Site Tools


docs:tips_n_tricks:ipfire.html

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

docs:tips_n_tricks:ipfire.html [18.02.2015 15:22]
peter created
docs:tips_n_tricks:ipfire.html [27.10.2018 17:09] (current)
peter
Line 11: Line 11:
   * As you don't have a CA Key on the ipfire, you can't generate client certificate,​ but you must import them. Starting point is still the "​Add"​ button in the client list, just use the "​upload"​ feature instead of "​generate ...".   * As you don't have a CA Key on the ipfire, you can't generate client certificate,​ but you must import them. Starting point is still the "​Add"​ button in the client list, just use the "​upload"​ feature instead of "​generate ...".
   * When creating client certificates by //​TinyCA2//,​ pay attention to unset the "add email address to CN" checkbox when signing the request (i.e. creating the certificate) as ipfire obviously can't cope with that extension and throws an internal server error when using the cn value as filename, which contains a slash.   * When creating client certificates by //​TinyCA2//,​ pay attention to unset the "add email address to CN" checkbox when signing the request (i.e. creating the certificate) as ipfire obviously can't cope with that extension and throws an internal server error when using the cn value as filename, which contains a slash.
 +
 +===== Bugs =====
 +==== IPFire 2.17 (i586) - Core Update 98  ====
 +  * If a clients certificate subject consists **only** of the comon name (CN), TLS verification will fail due to the regular expression used in ''/​usr/​lib/​openvpn/​verify''​ to get the value of CN=...
 +
docs/tips_n_tricks/ipfire.html.txt · Last modified: 27.10.2018 17:09 by peter