After the former FreshPorts server was retired, its OpenVPN credential were revoked. I maintain those certificates via ssl-admin. I uploaded the new CRL into the System | Certificate Manager | Certificate Revocation page in pfSense. Today, I was seeing strange errors in Nagios, and figured someone wasn’t connected to the VPN. Checking OpenVPN client logs, …
I use OpenVPN since at least 2008 – now going on 13 years. I find it to be reliable and stable. A few days ago, I added another client to a VPN. I run this particular network with self-signed certificates which I create using ssl-admin – I find it particularly useful for this purpose. The …
Sometimes I forget about TLS / SSL / x509 certificates being available in both server and client versions, particularly when it comes to private certificate authorities. I use the security/ssl-admin port for that. Today in particular, I spent about 2 hours trying to debug issues while adding TLS to existing Bacula clients. I was getting …
This blog post describes my Let’s Encrypt solution which uses acme.sh and dns-01 challenges to obtain SSL certificates. If you are using HTTP challenges, this post might still be useful, but your configuration will differ slightly. Let’s Encrypt is a certificate authority which has become wildly popular since it was launched in April 2016 (just …
acme.sh: getting free SSL certificates – installation configuration on FreeBSD Read More »