First, find the user certificate in pfSense and export the certificate and key files. This is the first step.
Your firewall administrator should already have generated a signing CA and have a master certificate to sign from. He or she will perform this step.
The step above creates two named files. These files should be secured and passphrase-protected, IMHO. Do not leave them lying around, and use a strong passphrase.
e.g.
Bad = mypassword
Good = Her2kssedfgj
Better = Heirs mein3 assP3hdy3 Se3nd mdededdd
Here's the certificate manager on a pfSense firewall, with the highlighted download buttons that we will use to download the certificate and key (X.509 + RSA format).
Take the certificate and key files and convert them into PKCS#12 (aka p12) format using openssl.
https://en.wikipedia.org/wiki/PKCS_12
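One way to perform this conversion and check the result, as an added example that is not part of the original post. The file names, the friendly name and the `P12_PASS` variable are assumptions, and `make_sample` only builds a constructed throwaway pair for a dry run.

```shell
#!/bin/sh
# Added example, not from the original post. File names and the friendly
# name are assumptions; substitute the files downloaded from pfSense.
# The passphrase is taken from the exported P12_PASS variable so that it
# is not passed as a command-line argument.

# to_p12 CERT KEY OUT NAME: bundle a PEM certificate and key into PKCS#12.
to_p12() {
    cert=$1; key=$2; out=$3; name=$4
    # Refuse to bundle a key that does not belong to the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout | openssl sha256)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "key does not match certificate" >&2
        return 2
    fi
    # umask 077 keeps the resulting .p12 readable by the owner only.
    ( umask 077
      openssl pkcs12 -export -in "$cert" -inkey "$key" \
          -name "$name" -out "$out" -passout env:P12_PASS )
}

# check_p12 FILE: succeeds only if P12_PASS opens the bundle (MAC verifies).
check_p12() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -noout >/dev/null 2>&1
}

# make_sample DIR PREFIX: constructed throwaway self-signed pair for a dry
# run; it stands in for the pfSense export and is not a real VPN credential.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# Real use, after exporting P12_PASS (hypothetical file names):
#   to_p12 vpnuser.crt vpnuser.key vpnuser.p12 "vpnuser"
#   check_p12 vpnuser.p12
```

Some Mac OS X releases cannot read the default encryption that OpenSSL 3.x uses for PKCS#12; if the import fails with a correct passphrase, re-export with OpenSSL's `-legacy` option.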
Now, to import the newly crafted certificate, open the Mac OS X Keychain Access utility:
1: Provide authentication in order to make changes to the keychain (your credentials).
2: Import the certificate into System > My Certificates.
3: Supply the passphrase that you set during the X.509 to PKCS#12 conversion.
4: Close the Keychain Access utility.
Once this has been done, you can select the certificate in your Mac OS X VPN client details.
Ensure you select the right certificate for that user and have entered the correct username in the vpn_client profile.
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \