Bug #24272
Fix import of certificates converted from CSRs
Description
An externally signed certificate has been created through a Certificate Signing Request created in System->Certificates.
This certificate is not available in the UI at System->General to select for use as the HTTPS certificate.
History
#1
Updated by Kevin Morris almost 4 years ago
- Subject changed from SSL Certificate Does not Populate to the System->General Page; Certificat: Drop-down to SSL Certificate Does not Populate to the System->General Page; Certificate: Drop-down
#2
Updated by Suraj Ravichandran almost 4 years ago
- Status changed from Unscreened to 15
- Priority changed from No priority to Important
If it's still a CSR then it will not be listed in the certificate drop-down menu; you have to promote it to proper cert level for that.
Please check that and get back to me.
#3
Updated by Kevin Morris almost 4 years ago
- File SystemCertificates.PNG added
#4
Updated by Kevin Morris almost 4 years ago
The CSR does have the signed certificate associated. The certificate information is populated to the System->Certificates page.
#5
Updated by Suraj Ravichandran almost 4 years ago
Can you elaborate on what "The CSR does have the signed certificate associated." means?
All I want to know is: is it still a cert signing req or a signed cert?
It would help if you wrote down the exact steps you took to get to this point.
Thanks
#6
Updated by Sal Martinez almost 4 years ago
- File FreeNasCertCapture.JPG added
- Seen in changed from 9.10.2-U4 to 9.10-STABLE-201606072003
Oddly enough, I am in the same position. Looking at a Google search a few hours ago, I stumbled upon this bug.
We also created an external CA signed certificate based on a CSR. On mine we added the certificate along with the subordinate and root certificates.
Do we need to restart web services or something?
#7
Updated by Kevin Morris almost 4 years ago
'gainesville' is a signed certificate.
I created the CSR on the Certificates tab.
I edited the CSR to copy the base 64 request.
I signed the base 64 request externally adding subject alternative names of a short name, fully qualified domain name, and IP address.
I pasted the resulting certificate into the CSR and saved it.
The certificates page then showed the certificate as I pasted in my last edit.
I navigated to System->General but the certificate was not available in the certificate dropdown field on that page.
I have restarted nginx and Django but this did not help.
#8
Updated by Suraj Ravichandran almost 4 years ago
- Status changed from 15 to Screened
- Priority changed from Important to Expected
- Target version set to 11.1
@kevin thanks for the steps (just wanted to ensure that you were using the correct flow here).
Seems like a bug to me.
I shall work on it post getting back from my time off.
#9
Updated by Alex S almost 4 years ago
I encountered this as well. Here is what I did:
- Created a CA
- Created a certificate signed by internal CA from above
- Turned on HTTPS
- Created a 4096-bit CSR under certificates tab
- Sent CSR to InCommon and got a certificate back
- Opened certificate and pasted in certificate
- New certificate does not show in general tab as an option (but internal-ca signed one does)
Then I exported the certificate and private key, saved them, and used 'import certificate' to import them again under a new name. That worked (and is a workaround for anyone encountering this bug).
Running FreeNAS-9.10.2-U2 (e1497f2)
#10
Updated by Kevin Morris almost 4 years ago
Confirmed that the workaround posted by Alex is working. Exported key and certificate. Deleted. Imported. And was able to assign the certificate for https.
#11
Updated by Rex Wheeler almost 4 years ago
I ran into the same issue. I created a CSR from FreeNAS, edited the cert to obtain the CSR, had that CSR signed by my CA, pasted the resultant certificate from my CA into the certificate field in FreeNAS and observed that the certificate was not available to assign to the GUI (even though it is in /etc/certificates). After exporting the newly created certificate and private key and re-importing them (with a new identifier), the new identifier was available in the GUI for use (and the original cert still was not).
I am on 11.0 RC3. My CA is a Windows Server CA using a copy of the default Web Server template that has been modified to allow key export.
Interestingly if I dump out the crt files in /etc/certificates for both the original certificate and the imported certificate I get the same decoded file:
openssl x509 -in original.crt -text > c1.txt
openssl x509 -in reimported.crt -text > c2.txt
diff c1.txt c2.txt
The diff shows they are the same certificate. I assume that there is something "special" that happens upon import.
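The comparison in the comment above, as an added example that is not part of the original post or of FreeNAS: it compares two certificate files by SHA-256 fingerprint instead of diffing text dumps, and checks that a signed certificate carries the public key of the private key generated with the CSR, which is worth confirming before an export and re-import. The function names, file names, subject and SAN values are all constructed for illustration.

```shell
# Added example; function names, file names, subjects and SAN values are constructed.
# SHA-256 fingerprint of a PEM certificate.
cert_fp() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# SHA-256 of the DER public key in a certificate ($1=x509) or private key ($1=pkey).
pub_hash() {
    if [ "$1" = x509 ]; then openssl x509 -in "$2" -noout -pubkey
    else openssl pkey -in "$2" -pubout; fi |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# True when both files hold the same certificate (unreadable input never matches).
same_cert() {
    a=$(cert_fp "$1"); b=$(cert_fp "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# True when the certificate carries the public key of the given private key.
cert_matches_key() {
    a=$(pub_hash x509 "$1"); b=$(pub_hash pkey "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Subject alternative names as OpenSSL prints them.
cert_sans() {
    openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}

# Constructed fixture: key + CSR, a throwaway CA, and the CSR signed with three SANs.
make_fixture() {  # $1 = empty working directory
    ( cd "$1" || exit 1
      openssl req -newkey rsa:2048 -nodes -keyout nas.key -out nas.csr \
          -subj "/CN=nas.example.test" 2>/dev/null
      openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
          -subj "/CN=Constructed Test CA" -days 30 2>/dev/null
      printf 'subjectAltName=DNS:nas,DNS:nas.example.test,IP:192.0.2.10\n' > san.cnf
      openssl x509 -req -in nas.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
          -extfile san.cnf -days 30 -out original.crt 2>/dev/null
      cp original.crt reimported.crt   # stands in for the exported and re-imported copy
      openssl genrsa -out other.key 2048 2>/dev/null )
}

demo() {
    d=$(mktemp -d) && make_fixture "$d" || return 1
    same_cert "$d/original.crt" "$d/reimported.crt" && echo "same certificate"
    cert_matches_key "$d/original.crt" "$d/nas.key" && echo "certificate matches CSR key"
    cert_matches_key "$d/original.crt" "$d/other.key" || echo "unrelated key rejected"
    cert_sans "$d/original.crt"; rm -rf "$d"
}
demo
```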
#12
Updated by Suraj Ravichandran almost 4 years ago
I have resumed my work, and shall work on this ticket this week (i.e. today and tomorrow).
#13
Updated by Suraj Ravichandran almost 4 years ago
- Target version changed from 11.1 to 11.0-U1
Bumping to 11.0-U1.
#14
Updated by Suraj Ravichandran almost 4 years ago
- Has duplicate Bug #22315: Can't choose cert from cert menu in settings added
#15
Updated by Vaibhav Chauhan almost 4 years ago
- Target version changed from 11.0-U1 to 11.0-U2
#16
Updated by Vaibhav Chauhan almost 4 years ago
- Target version changed from 11.0-U2 to 11.0-U3
#17
Updated by Suraj Ravichandran over 3 years ago
- Status changed from Screened to Needs Developer Review
- Assignee changed from Suraj Ravichandran to William Grzybowski
#18
Updated by William Grzybowski over 3 years ago
- Status changed from Needs Developer Review to Reviewed by Developer
- Assignee changed from William Grzybowski to Suraj Ravichandran
#19
Updated by Suraj Ravichandran over 3 years ago
@Release Engineer: https://github.com/freenas/freenas/pull/244 PR for stable branch.
#20
Updated by Vaibhav Chauhan over 3 years ago
- Status changed from Reviewed by Developer to 47
#21
Updated by Dru Lavigne over 3 years ago
- Subject changed from SSL Certificate Does not Populate to the System->General Page; Certificate: Drop-down to Fix import of certificates converted from CSRs
#22
Updated by Bonnie Follweiler over 3 years ago
- File Screen Shot 2017-08-28 at 3.48.19 PM.png added
- Status changed from 47 to Ready For Release
- Assignee changed from Suraj Ravichandran to Vaibhav Chauhan
- Needs QA changed from Yes to No
- QA Status Test Passes added
- QA Status deleted (Not Tested)
See Screenshot
#23
Updated by Dru Lavigne over 3 years ago
- Assignee changed from Vaibhav Chauhan to Suraj Ravichandran
#24
Updated by Dru Lavigne over 3 years ago
- Status changed from Ready For Release to Resolved
#25
Updated by Dru Lavigne over 3 years ago
- Related to Bug #21395: Can't select installed certificates after updating to 9.10.2 added