Bug #4837

SSL certificate importer does not handle all valid forms of key/certificate pairs

Added by Mc Roger over 6 years ago. Updated about 6 years ago.

Status: Resolved
Priority: Nice to have
Assignee: John Hixson
Category: GUI (new)
Target version:
Severity: New
Reason for Closing:
Reason for Blocked:
Needs QA: Yes
Needs Doc: Yes
Needs Merging: Yes
Needs Automation: No
Support Suite Ticket: n/a
Hardware Configuration:
ChangeLog Required: No

Description

Full notes on forums at:

http://forums.freenas.org/index.php?threads/cannot-add-signed-ssl-cert-to-new-freenas-mini.20172/#post-114897

Running FreeNAS-9.2.1.3-RELEASE-x64 (dc0c46b)

The interface at Settings >> SSL does not seem to accept all valid private key + certificate pairs when attempting to import a signed server certificate for FreeNAS. Namely, a format reported by many users which contains private key data between the following header/footer:

-----BEGIN PRIVATE KEY-----
[base64 encoded key data]
-----END PRIVATE KEY-----

...such as is generated by at least the Easy-RSA [1] OpenSSL-based CA toolkit from OpenVPN cannot be imported from the WebGUI. Attempting to do so displays errors such as:

RSA or DSA private key not found
RSA or DSA private key is not valid

However, exporting these keys in PEM format (and specifying them on input as PEM format) using the 'openssl rsa' command creates keys that, when concatenated with the public certificate, appear to import properly, at least most of the time in limited testing.

[1] https://github.com/OpenVPN/easy-rsa
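The header mismatch described in this report, as an added example that is not part of the original ticket and is not FreeNAS code: `naive_find_key` is a hypothetical check that recognises only the traditional RSA/DSA PEM labels (an assumption about how such an error can arise), while `find_key` also accepts the PKCS#8 `PRIVATE KEY` label. The sample bundles are constructed and their base64 bodies are placeholders, not real keys.

```python
import base64
import re

# PEM labels that can carry a private key, mapped to the encoding they imply.
KEY_LABELS = {
    "PRIVATE KEY": "PKCS#8, unencrypted",
    "ENCRYPTED PRIVATE KEY": "PKCS#8, encrypted",
    "RSA PRIVATE KEY": "traditional RSA (PKCS#1)",
    "DSA PRIVATE KEY": "traditional DSA",
    "EC PRIVATE KEY": "traditional EC (SEC1)",
}
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, decoded_bytes)] for each well-formed PEM block."""
    blocks = []
    for m in PEM_BLOCK.finditer(text):
        body = "".join(m.group(2).split())  # drop line breaks inside the body
        blocks.append((m.group(1), base64.b64decode(body, validate=True)))
    return blocks

def naive_find_key(text):
    """Hypothetical importer check: only traditional RSA/DSA labels count."""
    for label, _ in pem_blocks(text):
        if label in ("RSA PRIVATE KEY", "DSA PRIVATE KEY"):
            return label
    raise ValueError("RSA or DSA private key not found")

def find_key(text):
    """Accept any private-key label; require one key and a certificate."""
    labels = [label for label, _ in pem_blocks(text)]
    keys = [label for label in labels if label in KEY_LABELS]
    if len(keys) != 1:
        raise ValueError("expected exactly one private key, found %d" % len(keys))
    if "CERTIFICATE" not in labels:
        raise ValueError("no certificate found next to the private key")
    return keys[0], KEY_LABELS[keys[0]]

def bundle(key_label, with_cert=True):
    """Constructed sample input: placeholder bodies, not real key material."""
    body = base64.b64encode(b"placeholder, not key material").decode()
    out = "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (key_label, body, key_label)
    if with_cert:
        out += "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % body
    return out

if __name__ == "__main__":
    print(find_key(bundle("PRIVATE KEY")))
```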


Related issues

Related to FreeNAS - Bug #5836: We need a CA / Cert manager UI (Resolved, 2014-08-18)

History

#1 Updated by Jordan Hubbard over 6 years ago

  • Assignee set to William Grzybowski
  • Target version set to 79

#2 Updated by William Grzybowski over 6 years ago

  • Status changed from Unscreened to Screened

#3 Updated by Jordan Hubbard over 6 years ago

  • Target version changed from 79 to 103

#4 Updated by William Grzybowski over 6 years ago

  • Assignee changed from William Grzybowski to John Hixson
  • Target version changed from 103 to 9.3-M3

Over to John as he is working in the cert manager.

#5 Updated by William Grzybowski over 6 years ago

  • Related to Bug #5836: We need a CA / Cert manager UI added

#6 Updated by John Hixson over 6 years ago

  • Status changed from Screened to 15

If you could provide a certificate that previously was unable to be uploaded, I would like to test it with our new certificate manager to verify it's no longer a problem.

#7 Updated by John Hixson about 6 years ago

  • Status changed from 15 to Resolved

I have confirmed the new certificate manager can indeed import keys like yours, marking resolved.
