GlobalProtect-openconnect icon indicating copy to clipboard operation
GlobalProtect-openconnect copied to clipboard

Published 20 hours ago verified publisher icon yuezk

How to import p12 certificate

Open rhashi opened this issue 4 years ago • 5 comments
trafficstars

I am trying to import the .p12 certificate but I can't figure out how to do it. Does it support importing a .p12 certificate? Need help...... I am using Manjaro and the current kernel version is 5.14.

rhashi avatar Nov 05 '21 09:11 rhashi

@rhashi Please try thefollow steps:

  1. Try to convert the .p12 certificate to the .pem format certificate (reference) 
    openssl pkcs12 -in client.p12 -out client.pem
  2. Open the setting dialog of this client and input the parameter --certificate <path to your client.pem> to the Custom Parameters field. (ref: https://github.com/yuezk/GlobalProtect-openconnect#passing-the-custom-parameters-to-openconnect-cli)

yuezk avatar Nov 07 '21 04:11 yuezk

Hi, @rhashi may I know does my solution work?

yuezk avatar Nov 08 '21 00:11 yuezk

@yuezk no bro I didn't work. I converted .p12 to .pem and then I pass the custom parameters --certificate ~/Downloads/mycert.pem But when I try to connect and enter my credentials it says not connected. My credentials are correct as I am already using them on my windows machine.

rhashi avatar Nov 08 '21 16:11 rhashi

Sorry about that.

This client will call the OpenConnect command line under the hood. So, if you like, you can use that command line directly. It could provide more info for troubleshooting if an error occurred.

yuezk avatar Nov 09 '21 00:11 yuezk

nvidia@nvidia:~/Downloads$ sudo openconnect -b gp-dmec.vpn.polimi.it -c /home/nvidia/Downloads/certificate-10518176-20211112.p12 --form-entry main:username=10518176 POST https://gp-dmec.vpn.polimi.it/ Connected to 131.175.19.131:443 Enter PKCS#12 pass phrase: Using client certificate '[email protected]' SSL negotiation with gp-dmec.vpn.polimi.it Connected to HTTPS on gp-dmec.vpn.polimi.it with ciphersuite (TLS1.2)-(RSA)-(AES-256-GCM) XML response has no "auth" node GET https://gp-dmec.vpn.polimi.it/ Connected to 131.175.19.131:443 SSL negotiation with gp-dmec.vpn.polimi.it Connected to HTTPS on gp-dmec.vpn.polimi.it with ciphersuite (TLS1.2)-(RSA)-(AES-256-GCM) XML response has no "auth" node Failed to complete authentication

Hi @yuezk I have above results with openconnect cmd line. I have to somehow authenticate the pipeline with username and password. Can you help me with the syntax line? Btw, do you think .pem is better than .p12?

Thanks

JeyP4 avatar Sep 06 '22 16:09 JeyP4