search

stompro / pfsense-import-certificate

Script to import an SSL certificate into a running pfsense system
BSD 2-Clause "Simplified" License
19 stars 2 forks source link

Import CA for Captive Portal #5

Open stompro opened 7 months ago

stompro commented 7 months ago

The script needs to be able to update/import the Letsencrypt CA, to support the Captive Portal better.

stompro commented 3 weeks ago

Just a nudge to myself to figure this out.

LetsEncrypt issued new intermediate CAs on June 6th, which broke all my "pinned" manually loaded R3 Intermediate certificates in pfSense.

https://letsencrypt.org/2024/04/12/changes-to-issuance-chains.html

And funnily enough, that is one of their goals, to switch Intermediates more often to make it painful for those that don't handle changing intermediate certs automatically. They will be switching between 2 intermediate chains on each renewal, and switching to two different ones occasionally. I guess good job LetsEncrypt for breaking my current setup :-)

So this script needs to grab the intermediate from the chain.pem file and load that as a new CA on each update.