Certificates in 9.3 are a major headache
In 9.2.x, a dummy SSL cert was automatically generated for you and used when you access the UI via HTTPS.
In 9.3 there is no dummy cert. You have to create an internal CA, fill out a City, State, Org, E-Mail address, and the common name.
Once that's done, you have to go create the actual certificate based off that CA and fill out a bunch of the same information all over again, then switch to HTTPS.
The API doesn't appear to support uploading certs. I haven't tried it yet, but the API differs from the UI. It doesn't require a certificate authority, but it also doesn't allow you to upload a key.
I have about 50 FreeNAS boxen that can't be upgraded because they will all hit Bug #7049, and once I edit the DB and restart Django to gain HTTP access to the web interface, a bunch of tools that use the API will be broken until I go through a time consuming CA and cert creation process.
I'm not doing certs because I need to validate the endpoint, I need certs to keep credentials encrypted while calling the API from a management host over the internet.
Any way to generate a self-signed dummy cert on upgrade?
#1 Updated by Aaron C de Bruyn almost 6 years ago
In addition to this, I just went through the process to create a certification on my test NAS. I created the internal CA, then the internal cert based on that CA. I switched the GUI to use HTTPS and the newly selected cert. I hit save, received the message about Django restarting, then I was redirected to Chrome saying 'NET::ERR_CERT_INVALID'.
I changed 'stg_guiprotocol' back to 'http' in the database and restarted Django. It keeps redirecting me to use HTTPS (cleared cache, tried incognito mode, etc...) which gives me the error about an invalid cert.
#3 Updated by Josh Paetzel almost 6 years ago
- Status changed from Unscreened to Screened
- Assignee set to Josh Paetzel
Try service ix-nginx start && service nginx restart
It's a CLI back to get you running not what should happen.
I'll reach out to you tomorrow to see what we can do to make your migration reasonable.
#6 Updated by sven ollino over 5 years ago
Running 9.3-release, everything up to date and there is still an issue with the Cert or CA when using WebDAV over HTTPS:
Chrome says NET::ERR_CERT_INVALID which can't be bypassed.
FYI: First install was 9.3-beta. I made an internal CA and a cert which didn't work (as described), updated to release, deleted CA and the cert and created new ones no change.. still NET::ERR_CERT_INVALID.
wrote the same under:
#10 Updated by Aaron C de Bruyn over 5 years ago
I haven't performed a fresh install since this bug was closed. Will a fresh install automatically create a self-signed cert? I was trying to avoid both the hassle of not retaining the original cert, and having to go through the process of creating a self-signed CA and then a self-signed cert.