mirror of
https://github.com/opnsense/docs
synced 2024-11-09 01:10:33 +00:00
34 lines
1.2 KiB
ReStructuredText
34 lines
1.2 KiB
ReStructuredText
==================
|
|
Using certificates
|
|
==================
|
|
|
|
In OPNsense, certificates are used for ensuring trust between peers. To make using them easier, OPNsense allows creating
|
|
certificates from the front-end. In addition to that, it also allows creating certificates for other purposes,
|
|
avoiding the need to use the ``openssl`` command line tool. Certificates in OPNsense can be managed from
|
|
**System->Trust->Certificates**.
|
|
|
|
Examples of OPNsense components that use certificates:
|
|
* OpenVPN
|
|
* IPsec
|
|
* Captive Portal
|
|
* Web Proxy
|
|
|
|
-----------------
|
|
Certificate types
|
|
-----------------
|
|
|
|
The following types of certificate can be generated in OPNsense:
|
|
|
|
* Client
|
|
* Server
|
|
* Combined Client/Server
|
|
* Certificate Authority
|
|
|
|
In addition to this, OPNsense can generate a Certificate Signing Request (CSR). This can be used if you want to create a
|
|
certficate signed by an external CA.
|
|
|
|
.. warning::
|
|
|
|
Make sure that you select the correct certificate type, as many clients will refuse connection (or at least show
|
|
errors) if an incorrect certificate type is used. For example, you can use either a server certificate or a
|
|
combined client/server certificate to secure the connection to the web interface, but not a CA or client certificate. |