default cert location (GUI)

[Robert Thomspon]

Was the ability to change the default certification removed in Scale? or relocated elsewhere? (In core, iirc, it used to be under General > Settings. Scale does not seem to have the option)

 

[morganL]

Is this what you are looking for? https://www.truenas.com/docs/scale/credentials/certificatesscale/

 

[Robert Thomspon]

Is this what you are looking for? https://www.truenas.com/docs/scale/credentials/certificatesscale/

close, but not exactly. You used to be able to change the default certificate used by Free/TrueNAS in the GUI, it looks like that feature may have been left out (or overlooked).

Old version: https://www.truenas.com/docs/core/system/general/settings/

 

[morganL]

"By default, TrueNAS comes equipped with an internal, self-signed certificate that enables encrypted access to the web interface, but users can import and create more certificates by clicking Add in the Certificates window."

Have you tried adding a certificate?

 

[Robert Thomspon]

"By default, TrueNAS comes equipped with an internal, self-signed certificate that enables encrypted access to the web interface, but users can import and create more certificates by clicking Add in the Certificates window."

Have you tried adding a certificate?

Yes, but again, this isnt about adding a certificate, this is about changing the default certificate that freenas uses by using the GUI to do so (the other option is to change it by copying over a different certification via CLI, or editing the default cert to reflect a different cert. )

This isnt a HUGE deal, as its relatively easy to do via CLI, it was just something i noticed seems to have been overlooked or removed between core and scale. and, its only really halpful if youre planning to expose your truenas gui to the web (not a super smart idea :) )

 

[morganL]

My point is that rather than removing a certificate, our preferred process should be add a new certificate and then enable the webUI to use it.
If a user wants to rollback to the default cert that should be allowed.
So, if you have added a certificate, but can't use it... I would consider that a bug.
We'd then have to look through the RELEASE bugfixes to see if its been addressed.

 

[Robert Thomspon]

My point is that rather than removing a certificate, our preferred process should be add a new certificate and then enable the webUI to use it.
If a user wants to rollback to the default cert that should be allowed.
So, if you have added a certificate, but can't use it... I would consider that a bug.
We'd then have to look through the RELEASE bugfixes to see if its been addressed.

I actually think we're on the same page.

I too would like the ability to upload a certificate, change it via the GUI and easily change it back to the bundled cert if i chose to do so.
Id infinitely prefer not to remove a certificate, especially a bundled one.

Ultimately, im trying to track down a bug in an android app called Moon+ reader. It throws a "Trust Anchor" error and outside of traefik, TrueNAS is the only other point i can think of that might drop the cert as an intermediary (literally the ONLY problem im having with TrueNAS now that ive got everything dialed in :) )

 

[morganL]

Have you loaded a new cert onto TrueNAS?

If the android Moon+ App is not going to the TrueNAS WebUI, then I don't see how the cert is the issue?
Has anyone else used Moon+?

 

[Robert Thomspon]

Have you loaded a new cert onto TrueNAS?

If the android Moon+ App is not going to the TrueNAS WebUI, then I don't see how the cert is the issue?
Has anyone else used Moon+?

Yes, I loaded the 'calibre-web' certification I created to be used for the calibre-web application. I then used truecharts ingress function in conjunction with the certification to enable https connections. Moon+ is simply the interface used to access the calibre-web instance.

I will point out, I use this same set up for all ofy applications. Nextcloud, calibre, calibre-web. Ombi, booksonic, airsonic... Everything that isn't internal network only. The only problem is with the interplay of moon+ and calibre-web, though, I sort of think it has anything to do with my certs or setup. I just received an email from the dev stating that they tried building the app to bypass Google's trust anchor and the build got kicked off of the play store... SO, very unlikely it's not the apps fault alone.

That being said, there are other readers that can essentially perform the same, just not in as nice a package as moon (it's a pretty badass reader... I just refuse to not use SSL, as standard http works perfectly fine on it)

 

[Robert Thomspon]

Have you loaded a new cert onto TrueNAS?

If the android Moon+ App is not going to the TrueNAS WebUI, then I don't see how the cert is the issue?
Has anyone else used Moon+?

And, for the record, I don't really think it has anything to do with TrueNAS or with TrueCharts... I do believe the fault is in the app and the app alone, I'm just checking to make sure is all.