2019-01-29 19:26:39 +00:00
|
|
|
==================
|
2019-08-27 13:53:18 +00:00
|
|
|
Trust
|
2019-01-29 19:26:39 +00:00
|
|
|
==================
|
|
|
|
|
|
|
|
|
|
In OPNsense, certificates are used for ensuring trust between peers. To make using them easier, OPNsense allows creating
|
|
|
|
|
certificates from the front-end. In addition to that, it also allows creating certificates for other purposes,
|
|
|
|
|
avoiding the need to use the ``openssl`` command line tool. Certificates in OPNsense can be managed from
|
2019-03-06 17:27:21 +00:00
|
|
|
:menuselection:`System --> Trust --> Certificates`.
|
2019-01-29 19:26:39 +00:00
|
|
|
|
|
|
|
|
Examples of OPNsense components that use certificates:
|
|
|
|
|
* OpenVPN
|
|
|
|
|
* IPsec
|
|
|
|
|
* Captive Portal
|
|
|
|
|
* Web Proxy
|
|
|
|
|
|
|
|
|
|
-----------------
|
|
|
|
|
Certificate types
|
|
|
|
|
-----------------
|
|
|
|
|
|
|
|
|
|
The following types of certificate can be generated in OPNsense:
|
|
|
|
|
|
|
|
|
|
* Client
|
|
|
|
|
* Server
|
|
|
|
|
* Combined Client/Server
|
|
|
|
|
* Certificate Authority
|
|
|
|
|
|
|
|
|
|
In addition to this, OPNsense can generate a Certificate Signing Request (CSR). This can be used if you want to create a
|
|
|
|
|
certficate signed by an external CA.
|
|
|
|
|
|
|
|
|
|
.. warning::
|
|
|
|
|
|
|
|
|
|
Make sure that you select the correct certificate type, as many clients will refuse connection (or at least show
|
|
|
|
|
errors) if an incorrect certificate type is used. For example, you can use either a server certificate or a
|
2019-05-02 15:53:49 +00:00
|
|
|
combined client/server certificate to secure the connection to the web interface, but not a CA or client certificate.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-------------------------
|
|
|
|
|
Usage examples
|
|
|
|
|
-------------------------
|
|
|
|
|
In :doc:`/manual/how-tos/self-signed-chain` you will find examples of how to setup certificate chains yourself.
|
