Client certificate install on Safari

Client certificate installation in my Mac Catalina keychain always asks for the password of the certificate. Any idea where that is?

No issues with Firefox, and I can connect over https.

Thanks

Hi @Mohammad, OpenEMR doesn’t work on Safari that well, and it sounds like this is just another reason to use Firefox or IceCat.

When I edited apache2 default-ssl.conf and added the certificates generated by OpenEMR, I was able to connect securely to it with Safari and I got the lock in the address bar. It is only when I want to limit access to only the carriers of the certificates, and I enforced /etc/apache2/ssl/CertificateAuthority.crt after activating SSLVerifyClient require and setting SSLVerifyDepth to 2, that I was not able to get the client certificate added to the keychain on my Mac without the password of the certificate. I think there has to be a clearer explanation for it, and I hope I solve it because it should be doable. Thanks.

OK, nice, you may be able to get that to work, but from hearing the experience of others, Safari behavior can be quite suspect in the daily use of OpenEMR.

Specific question:
What is the password for the client certificate that is issued in OpenEMR?
Where is that embedded?

Not sure about the password. You’re looking for Apache client certs, right?

Following the original guide, this should be set up from Admin->Other->Certificates for v5.0.2.

openemr_client_cert.p12
When this cert is imported into the keychain on Mac, the keychain asks for the password of that cert.
Issuing the client cert by OpenEMR obviously uses a password that macOS is asking for.
Where is that password?

not sure but maybe this has something helpful

EXACTLY…Thank you….
So when you get to the step after you sign in with your Mac admin password, the next screen asks for the certificate password, and there I am stuck…!!!
My question to whoever knows: what is the OpenEMR password for the client certificate?

pretty sure @visolveemr, who added this feature could provide expert guidance

help please, still cannot find a solution.

Any reason why I am not getting help on this issue?
It is a legit question: the keychain on Mac asks for a password for the client certificate (same password used by OpenEMR to issue it).
What is the default password for OpenEMR issuing those certs???

I’ll poke around in source for ya. Currently I don’t think many of us have a lot of experience setting up secure clients for intranets. Most are online.

Thank you very much, help is greatly appreciated

@Mohammad Have you tried using an empty password?

If Mac simply refuses to accept an empty password, we may have to modify source to use a user-supplied passphrase on certificate creation. (We don’t use a passphrase now.)

Though, as @stephenwaite has pointed out, we don’t necessarily support Safari. However, I’d like to see us support this because I’m an advocate of running OpenEMR local.

Yes, I tried an empty password and it did not work.

Are you still working this?
I’m considering adding the ability to create certs with a passphrase. I don’t want to do it if it’s not going to be used.

Yes I am. I intend to keep my database shelled out from my network except for users with a client certificate, where I decrease the exposure of my data to attacks. I know it is not absolute protection and I am familiar with the limits, but it is a step up towards safety.
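
Added example, not part of the thread and not OpenEMR code: since the posts above report that the issued .p12 carries no passphrase and that Keychain did not accept an empty one, one workaround is to re-wrap the bundle with a passphrase of your own using the openssl CLI. The function names, the constructed test certificate and the file names are assumptions made for this sketch.

```shell
#!/usr/bin/env bash
# Added example: re-wrap a passphrase-less PKCS#12 bundle with a new passphrase.

# Build a constructed, throwaway client cert and an empty-password .p12 to test on.
make_sample_p12() {   # usage: make_sample_p12 DIR
    local dir="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-test-client" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
        -passout pass: -out "$dir/empty.p12"
}

# Succeeds only if the bundle's MAC verifies with the given passphrase.
p12_opens_with() {    # usage: p12_opens_with FILE PASSPHRASE
    P12_PASS="$2" openssl pkcs12 -in "$1" -passin env:P12_PASS -noout 2>/dev/null
}

rewrap_p12() {        # usage: rewrap_p12 IN.p12 OUT.p12 NEW_PASSPHRASE
    local in_p12="$1" out_p12="$2" new_pass="$3" tmp rc
    if [ -z "$new_pass" ]; then
        echo "new passphrase must not be empty" >&2
        return 2
    fi
    tmp=$(mktemp) || return 1     # mktemp creates the file with mode 0600
    # Unpack using an empty import password; the private key sits
    # unencrypted in $tmp until the rm below.
    if openssl pkcs12 -in "$in_p12" -passin pass: -nodes -out "$tmp" 2>/dev/null; then
        # env: keeps the passphrase off the command line (and out of ps output).
        P12_PASS="$new_pass" openssl pkcs12 -export -in "$tmp" \
            -passout env:P12_PASS -out "$out_p12"
        rc=$?
    else
        echo "could not open $in_p12 with an empty password" >&2
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}
```

On the real file this would be `rewrap_p12 openemr_client_cert.p12 rewrapped.p12 'your passphrase'`, then importing `rewrapped.p12` into Keychain. If the re-wrap is done with OpenSSL 3.x and Keychain still rejects the passphrase, try adding `-legacy` to the export step; whether a given macOS release needs it is an assumption to verify on your system.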