Import intermediate CA cert to Certificate Authorities in web GUI #4
Comments
|
Hey ! |
|
There is no "fix" because this isn't a problem; it's a potential future
enhancement that IMO is of pretty low value. I haven't done any work in
this direction and don't expect to, but I'd be happy to consider a PR if it
worked cleanly.
…On Thu, Jan 9, 2020 at 7:44 AM yugohug0 ***@***.***> wrote:
Hey !
I have the same problem here, I know a bit about IT and networking but I
don't want to mess with the script at this point, any fixes ?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#4?email_source=notifications&email_token=AC4PNH5CGETFSJQR6LOHICTQ44L3DA5CNFSM4E2BA4UKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEIQFUBY#issuecomment-572545543>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AC4PNH7CVH3M67WFQHXG3J3Q44L3DANCNFSM4E2BA4UA>
.
|
|
Hey ! Thanks again for your project :) |
|
"IMO" = "in my opinion". I'm not quite sure what you mean by your last question--to manage the script, download it, prepare a configuration file, and in the most common use case (or at least the use case I had in mind when I wrote it), call it from your ACME client (certbot, acme.sh, or whatever else you like). That client will handle obtaining/renewing your cert from Let's Encrypt, and then it will call this script to deploy the cert to your FreeNAS server. I think this is pretty well discussed in the README--were there parts that were unclear or incomplete? |
|
Thanks for the translation ! That's the only thing I can't figure out at the moment In one question : Where the certificates/keys need to be placed in order to allow their selection through the freenas web GUI
|
|
I can see them in my freenas structure.
Where do you "see them in [your] freenas structure"? You should see them
listed in the "certificates" page:
https://www.ixsystems.com/documentation/freenas/11.2-U7/system.html#certificates
Where the certificates/keys need to be placed in order to allow their
selection through the freenas web GUI
This is what the script is supposed to do--import and select the cert/key.
You shouldn't need to do anything manually. But none of this has anything
to do with importing the CA certificate into the CAs section of the FreeNAS
configuration.
…On Tue, Jan 21, 2020 at 9:11 AM yugohug0 ***@***.***> wrote:
Thanks for the translation !
I mean everything seems to work fine, certificates are created and stored,
I can see them in my freenas structure. But when I connect to my web GUI I
can't select any SSL certificate, so do I need to move them in a very
special place ?
That's the only thing I can't figure out at the moment
In one question : Where the certificates/keys need to be placed in order
to allow their selection through the freenas web GUI
[image: Capture d’écran 2020-01-21 à 15 06 21]
<https://user-images.githubusercontent.com/49484832/72811329-b259a300-3c5f-11ea-92ab-59282c1b3a23.png>
[image: Capture d’écran 2020-01-21 à 15 06 28]
<https://user-images.githubusercontent.com/49484832/72811330-b259a300-3c5f-11ea-9a23-6867eb8b0ccb.png>
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#4?email_source=notifications&email_token=AC4PNH3O5OQET4NJIJFEKIDQ637BDA5CNFSM4E2BA4UKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEJP3T7Y#issuecomment-576698879>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AC4PNH5PZQJ4QNUI54VE4I3Q637BDANCNFSM4E2BA4UA>
.
|
|
I can see the CERT/KEY by following this path "/root/.acme.sh/mydomainname.com" and i have 0 error by executing your script, maybe i've done something wrong ? I'm gonna try again and delete every stuff under this path beforehand, that's really strange because your script looks nice and it's seem pretty straightforward. Thanks for your understanding |
|
Please open a new issue--once again, the problems you're seeing have nothing to do with importing the intermediate CA certificate. And when you open that new issue, post the complete output of running the deploy_freenas.py script. |
The script imports the CA cert as part of the server cert (it uses the fullchain.cer file, which includes both), but it doesn't separately import it into the Certificate Authorities in the FreeNAS middleware. This shouldn't be necessary for web GUI purposes, but might be helpful for other uses. Would want to check if the same CA is already present before importing a new one, though.
The text was updated successfully, but these errors were encountered: