Fix import of certificates converted from CSRs
An externally signed certificate has been created through Certificate Signing Request has be created in the System->Certificates.
This certificate is not available in the UI at System->General to select for use as the HTTPS certificate.
#2 Updated by Suraj Ravichandran almost 4 years ago
- Status changed from Unscreened to 15
- Priority changed from No priority to Important
If its still a CSR then it will not list in the certificate drop down menu, you have to promote it to proper cert level for that.
Please check that and get back to me.
#5 Updated by Suraj Ravichandran almost 4 years ago
Can you elaborate on what "The CSR does have the signed certificate associated." means?
All I want to know is that is it still a cert signing req or a signed cert?
It would help if you wrote down the exact steps you took to get to this point.
#6 Updated by Sal Martinez almost 4 years ago
- File FreeNasCertCapture.JPG FreeNasCertCapture.JPG added
- Seen in changed from 9.10.2-U4 to 9.10-STABLE-201606072003
Oddly enough, I am in the same position.. looking a google search a few hours ago I stumble upon this bug...
We also created an external CA signed certificate based out of a CSR.. on mine we added the certificate along with the subordinate and root certificates.
Do we need to restart web services or something ?
#7 Updated by Kevin Morris almost 4 years ago
'gainesville' is a signed certificate.
I created the CSR on the Certificates tab.
I edited the CSR to copy the base 64 request.
I signed the base 64 request externally adding subject alternative names of a short name, fully qualified domain name, and IP address.
I pasted the resulting certificate into the CSR and saved it.
The certificates page then showed the certificate as I pasted in my last edit.
I navigated to system General but the certificate was not available in the certificate dropdown field on that page.
I have restarted nginx and Django but this did not help.
#8 Updated by Suraj Ravichandran almost 4 years ago
- Status changed from 15 to Screened
- Priority changed from Important to Expected
- Target version set to 11.1
@kevin thanks for the steps (just wanted to ensure that you were using the correct flow here).
seems like a bug to me.
I shall work on it post getting back from my time off.
#9 Updated by Alex S almost 4 years ago
I encountered this as well. Here is what I did:
- Created a CA
- Created a certificate signed by internal CA from above
- Turned on HTTPS
- Created a 4096bit CSR under certificates tab
- Sent CSR to incommon and got a certificate back
- Opened certificate and pasted in certificate
- New certificate does not show in general tab as an option (but internal-ca signed one does)
Then I exported the certificate and private key, saved them, and used 'import certificate' to import them again under a new name. That worked (And is a work-around for anyone encountering this bug)
Running FreeNAS-9.10.2-U2 (e1497f2)
#11 Updated by Rex Wheeler almost 4 years ago
I ran into the same issue. I created a CSR from FreeNAS, edited the cert to obtain the CSR, had that CSR signed by my CA, pasted the resultant certificate from my CA into the certificate field in FreeNAS and observed that the certificate was not available to assign to the GUI (even though it in /etc/certificates.) After exporting the newly created certificate and private key and re-importing them (with a new identifier), the new identifier was available in the GUI for use (and the original cert still was not.)
I am on 11.0 RC3. My CA is a Windows Server CA using a copy of the default Web Server template that has been modified to allow key export.
Interestingly if I dump out the crt files in /etc/certificates for both the original certificate and the imported certificate I get the same decoded file:
openssl x509 -in original.crt -text > c1.txt openssl x509 -in reimported.crt -text > c2.txt diff c1.txt c2.txt
The diff shows they are the same certificate. I assume that there is something "special" that happens upon import.
#22 Updated by Bonnie Follweiler over 3 years ago
- File Screen Shot 2017-08-28 at 3.48.19 PM.png Screen Shot 2017-08-28 at 3.48.19 PM.png added
- Status changed from 47 to Ready For Release
- Assignee changed from Suraj Ravichandran to Vaibhav Chauhan
- Needs QA changed from Yes to No
- QA Status Test Passes added
- QA Status deleted (