Sorry to insist, but I really need help on this. Trying to simplify, the question is: can I create a password protected client certificate and use the "ta.key" (as described below) on pfSense 2.0?

Thanks in advance,
Carlos

PS: pfSense is my election appliance, it's an excellent product and I want to continue using it in all my deployments.

---------- Forwarded message ----------
From: Carlos <[email protected]>
Date: Mon, Sep 26, 2011 at 7:16 PM
Subject: OpenVPN client certificates with password
To: [email protected]

Hi all,

With pfSense 1.2.3 I created all the client certificates with a password associated to it with the command line “build-key-pass”.

To increase security, I also used the tls-auth directive to add an additional HMAC signature to all SSL/TLS handshake packets for integrity verification with command line “openvpn --genkey --secret ta.key”, then exported the “ta.key” with the ca.crt, client .crt and .key files. I then included on the advanced options the line “tls-auth /root/easyrsa4pfsense/keys/ta.key 0”, on server side, and a similar line on the client side config file.

My question is: can I use the same options on 2.0 release? I didn’t find any command line to create client certificates with a password nor to generate the “ta.key”. I need to use both security options in all my deployments.

Thanks in advance.

Regards,
Carlos
