Project

General

Profile

Bug #6603

SSL configuration changes don't take immediate effect

Added by Peter C about 6 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Nice to have
Assignee:
Suraj Ravichandran
Category:
Middleware
Target version:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
Yes
Needs Doc:
Yes
Needs Merging:
Yes
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

I pasted in a fully signed cert and clicked "Save". The green message said that the settings were successfully applied.

But then when I tried to use HTTPS, it kept serving the old, self-signed certificate. Quitting the browser, deleting cookies, etc., didn't help. The server was still serving the old cert.

Manually running "/usr/sbin/nginx -s reload" did the trick, but it seems like that should happen automatically.


Related issues

Related to FreeNAS - Bug #6305: ssl settings // change of certificate for HTTPS is not reflectedResolved2014-10-10

History

#1 Updated by Jordan Hubbard about 6 years ago

Was this really seen in 9.2.1.7? It's likely that an old SSL configuration bug is biting you, if so, and it won't be addressed until 9.3

#2 Updated by Peter C about 6 years ago

Yes, it was 9.2.1.7. That's fine if it doesn't get fixed 'til 9.3, I just wanted to make sure someone was on the lookout for it.

#3 Updated by Jordan Hubbard about 6 years ago

  • Category set to 118
  • Assignee set to Suraj Ravichandran

Suraj: Please validate this is fixed in 9.3 and then mark resolved if so. Thanks.

#4 Updated by Suraj Ravichandran about 6 years ago

  • Related to Bug #6305: ssl settings // change of certificate for HTTPS is not reflected added

#5 Updated by Suraj Ravichandran about 6 years ago

  • Status changed from Unscreened to 15
  • Target version set to 9.2.1.8-RELEASE

This should be fixed in 9.2.1.8 by https://bugs.freenas.org/issues/6067

And in 9.3 it should be fixed by #6305.

Could you upgrade to 9.2.1.8 and verify?

#6 Updated by Suraj Ravichandran about 6 years ago

  • Status changed from 15 to Closed: User Config Issue

I am closing this for now.

If you still face it, please reopen the ticket.

#7 Updated by Peter C about 6 years ago

In light of #6731, it's hard to verify. Once I managed to get the form to accept the certificate, it did seem to take effect without manually reloading nginx.

...but it may also have reloaded nginx a little too aggressively, since it encountered some error or other that cause it to generate and use a new self-signed cert. There's nothing in /var/log/messages or nginx-error.log that provides any indication.

#8 Updated by Suraj Ravichandran about 6 years ago

I am closing this bug for now and will continue to find the root cause of it on your newly filed bug #6731.

#9 Updated by Suraj Ravichandran about 6 years ago

  • Status changed from Closed: User Config Issue to Closed

#10 Updated by Peter C almost 6 years ago

Confirmed that it's also fixed in 9.3-BETA.

Also available in: Atom PDF