Tuesday, October 6, 2015

How to import a certificate into Mac OS X for IPsec VPN

In this blog, I will show you how we export a pfSense-generated certificate and re-import it as a PKCS12-format certificate into Mac OS X 10.10.x.

First, you need to find the user certificate and export the certificate and key files from pfSense. This is the first step.

Your firewall administrator should have already generated a signer CA and have a master certificate to sign from. He/she will execute this step.

The above step will create 2 named files. These files should be secured and passphrase protected, imho. Do not leave these lying around, and use a strong passphrase.

e.g.

BAD = mypassword
Good = Her2kssedfgj
Better = Heirs mein3 assP3hdy3 Se3nd mdededdd


Here's the certificate manager on a pfSense firewall, with the download buttons highlighted that we will use to download the certificate and key (x509 + RSA formatted).



Don't download the PKCS format file. It's tempting, but you must have a passphrase set when importing into Mac OS X; we will set a passphrase in the conversion step using openssl.

Take the certificate and key files and convert them into PKCS12 (aka p12) format using openssl.


https://en.wikipedia.org/wiki/PKCS_12
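
The conversion step as a script, added here as an example and not taken from the original post: it checks that the certificate and key belong together before bundling them, creates the PKCS12 file with owner-only permissions, and re-opens it to confirm the passphrase. The file names, the friendly name `vpn-user`, the `P12_PASS` variable and the function names are assumptions.

```shell
#!/bin/sh
# Added example: bundle a pfSense-exported certificate and key into PKCS12.
# Assumed names: user.crt / user.key (the two exported files), P12_PASS.
# Usage: sh mkp12.sh user.crt user.key user.p12 [friendly-name]
# If P12_PASS is not exported, openssl prompts for the passphrase itself.

# Succeeds only when the certificate's public key equals the key's public key.
cert_key_match() {
    c_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    k_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$c_pub" ] && [ "$c_pub" = "$k_pub" ]
}

# make_p12 CERT KEY OUT NAME: refuse mismatched pairs; a new OUT file is
# created readable by its owner only.
make_p12() {
    cert_key_match "$1" "$2" || {
        echo "certificate and key do not belong together" >&2
        return 1
    }
    (
        umask 077
        # ${P12_PASS:+...} adds -passout only when a passphrase was exported.
        openssl pkcs12 -export -in "$1" -inkey "$2" -name "$4" -out "$3" \
            ${P12_PASS:+-passout env:P12_PASS}
    )
}

# Re-open the bundle: fails on a wrong passphrase or a damaged file.
verify_p12() {
    openssl pkcs12 -in "$1" -noout ${P12_PASS:+-passin env:P12_PASS}
}

# Run the conversion only when file arguments are given.
if [ "$#" -ge 3 ]; then
    make_p12 "$1" "$2" "$3" "${4:-vpn-user}" && verify_p12 "$3" &&
        echo "wrote $3; remove or lock away $2 once the import is done"
fi
```

With OpenSSL 3.x the export defaults to AES-256 with PBKDF2, which Keychain Access on older Mac OS X releases may refuse to import; adding `-legacy` to the `pkcs12 -export` command selects the older algorithms.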


To import the newly created certificate, open the Mac OS X Keychain Access utility:


1: Provide authentication in order to make changes in Keychain Access (your credentials).

2: Import the certificate into System > My Certificates.

3: Supply the passphrase that you set during the x509-to-PKCS12 conversion.

4: Close the Keychain Access utility.


Once this has been done, you can select the certificate in your Mac OS X VPN client details.


Ensure you select the right certificate for that user and have set the correct username in the VPN client profile.


NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=
         o 
        /  \
