yuezk / GlobalProtect-openconnect

A GlobalProtect VPN client for Linux, written in Rust, based on OpenConnect and Tauri, supports SSO with MFA, Yubikey, and client certificate authentication, etc.
GNU General Public License v3.0

How to import p12 certificate #103

Closed rhashi closed 7 months ago

rhashi commented 2 years ago

I am trying to import the .p12 certificate but I can't figure out how to do it. Does it support importing a .p12 certificate? Need help... I am using Manjaro and the current kernel version is 5.14.

yuezk commented 2 years ago

@rhashi Please try the following steps:

  1. Try to convert the .p12 certificate to the .pem format certificate (reference)
    openssl pkcs12 -in client.p12 -out client.pem
  2. Open the setting dialog of this client and input the parameter --certificate <path to your client.pem> to the Custom Parameters field. (ref: https://github.com/yuezk/GlobalProtect-openconnect#passing-the-custom-parameters-to-openconnect-cli)
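
The conversion from the steps above, followed by checks worth running before the file is passed to `--certificate`, as an added example that is not part of the original comment or the project's code. The function names and the `P12_PASS`/`PEM_PASS` environment variables are assumptions of this example, and the sample identity is constructed.

```shell
#!/bin/sh
# Added example, not project code. Function names are hypothetical.
# Pass phrases come from the environment: P12_PASS (import), PEM_PASS (PEM key).

# Convert PKCS#12 to PEM, keeping the private key encrypted under PEM_PASS.
p12_to_pem() {
    rm -f "$2"
    ( umask 077   # new file is created 0600: it holds the private key
      P12_PASS=$P12_PASS PEM_PASS=$PEM_PASS openssl pkcs12 -in "$1" -out "$2" \
          -passin env:P12_PASS -passout env:PEM_PASS 2>/dev/null )
}

# Verify the PEM before handing it to --certificate. Prints the first problem.
pem_check() {
    case $(ls -ld "$1" 2>/dev/null) in
        ????------*) ;;   # no group/other permission bits set
        *) echo "missing file, or accessible by group/other"; return 1 ;;
    esac
    # -checkend 0 fails if the first certificate in the file has expired.
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "no certificate found, or certificate expired"; return 1; }
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(PEM_PASS=$PEM_PASS openssl pkey -in "$1" -passin env:PEM_PASS \
        -pubout 2>/dev/null)
    [ -n "$key_pub" ] || { echo "no private key, or wrong PEM pass phrase"; return 1; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not match certificate"; return 1; }
    echo "ok"
}

# Constructed sample: throwaway self-signed identity packed as PKCS#12 in dir $1.
make_sample_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=constructed-sample" \
        -days 1 -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    P12_PASS=$P12_PASS openssl pkcs12 -export -inkey "$1/key.pem" \
        -in "$1/cert.pem" -out "$1/client.p12" -passout env:P12_PASS
}

# Stand-alone use: sh p12check.sh client.p12 client.pem
if [ $# -eq 2 ]; then p12_to_pem "$1" "$2" && pem_check "$2"; fi
```

The public-key comparison uses the first certificate in the file, so a bundle that lists a CA certificate before the client certificate will report a mismatch.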

yuezk commented 2 years ago

Hi @rhashi, may I know whether my solution works?

rhashi commented 2 years ago

@yuezk no bro, it didn't work. I converted the .p12 to .pem and then passed the custom parameters --certificate ~/Downloads/mycert.pem. But when I try to connect and enter my credentials, it says not connected. My credentials are correct, as I am already using them on my Windows machine.

yuezk commented 2 years ago

Sorry about that.

This client will call the OpenConnect command line under the hood. So, if you like, you can use that command line directly. It could provide more info for troubleshooting if an error occurred.

JeyP4 commented 2 years ago

    nvidia@nvidia:~/Downloads$ sudo openconnect -b gp-dmec.vpn.polimi.it -c /home/nvidia/Downloads/certificate-10518176-20211112.p12 --form-entry main:username=10518176
    POST https://gp-dmec.vpn.polimi.it/
    Connected to 131.175.19.131:443
    Enter PKCS#12 pass phrase:
    Using client certificate '10518176@polimi.it'
    SSL negotiation with gp-dmec.vpn.polimi.it
    Connected to HTTPS on gp-dmec.vpn.polimi.it with ciphersuite (TLS1.2)-(RSA)-(AES-256-GCM)
    XML response has no "auth" node
    GET https://gp-dmec.vpn.polimi.it/
    Connected to 131.175.19.131:443
    SSL negotiation with gp-dmec.vpn.polimi.it
    Connected to HTTPS on gp-dmec.vpn.polimi.it with ciphersuite (TLS1.2)-(RSA)-(AES-256-GCM)
    XML response has no "auth" node
    Failed to complete authentication

Hi @yuezk, I have the above results with the openconnect command line. I have to somehow authenticate the pipeline with username and password. Can you help me with the syntax line? Btw, do you think .pem is better than .p12?

Thanks

yuezk commented 7 months ago

Closing it for now. If the certificate authentication is still needed, reopen it or report another feature request, and I will support it.