2
0
mirror of https://github.com/opnsense/docs synced 2024-10-30 21:20:20 +00:00

Create page about using certificates (#114)

This commit is contained in:
Michael Steenbeek 2019-01-29 20:26:39 +01:00 committed by Ad Schellevis
parent c16e90459b
commit c17776d351
2 changed files with 35 additions and 0 deletions

View File

@ -25,6 +25,7 @@ User Manual
manual/netflow
manual/logging
manual/aliases
manual/certificates
manual/vpnet
manual/ips
manual/proxy

View File

@ -0,0 +1,34 @@
==================
Using certificates
==================
In OPNsense, certificates are used for ensuring trust between peers. To make using them easier, OPNsense allows creating
certificates from the front-end. In addition to that, it also allows creating certificates for other purposes,
avoiding the need to use the ``openssl`` command line tool. Certificates in OPNsense can be managed from
**System->Trust->Certificates**.
Examples of OPNsense components that use certificates:
* OpenVPN
* IPsec
* Captive Portal
* Web Proxy
-----------------
Certificate types
-----------------
The following types of certificate can be generated in OPNsense:
* Client
* Server
* Combined Client/Server
* Certificate Authority
In addition to this, OPNsense can generate a Certificate Signing Request (CSR). This can be used if you want to create a
certficate signed by an external CA.
.. warning::
Make sure that you select the correct certificate type, as many clients will refuse connection (or at least show
errors) if an incorrect certificate type is used. For example, you can use either a server certificate or a
combined client/server certificate to secure the connection to the web interface, but not a CA or client certificate.