SOLVED Locked out of GUI because of inappropriate TLS certificate

C

Christian K

Dabbler
Joined
Sep 22, 2021
Messages
17
I had created a CA cert and signed a new cert with it in the GUI. Imported the CA cert into my web browser.
However it turns out I set the wrong use cases in the certificate, because now Chromium reports

ERR_SSL_KEY_USAGE_INCOMPATIBLE

when attempting to open the GUI.

What would be the way to replace the new cert with the default cert in TrueNAS?
I have SSH access enabled but su or sudo don't work.
I suppose I'll have to use the local console on my server.
 
C

Christian K

Dabbler
Joined
Sep 22, 2021
Messages
17
It took me some time, but I solved this issue.
For those running into the same trap:

Get a root shell. Either by SSH access or via local keyboard and screen.

1. Look at the certificates
ll /etc/certificates
there should be the default freenas_default.crt and freenas_default.key

2. Edit /etc/local/nginx/nginx.conf
3. Find the lines with the ssl_certificate and ssl_certificate_key statements
4. Replace the files with /etc/certificates/freenas_default.crt and
/etc/certificates/freenas_default.key , respectively
5. restart nginx
service nginx restart
 
You must log in or register to reply here.

Important Announcement for the TrueNAS Community.

The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums.

Related topics on forums.truenas.com for thread: "Locked out of GUI because of inappropriate TLS certificate"

Similar threads

mholin
SOLVED cannot delete expired certificate
Replies
5
Views
5K
profwalken
profwalken
L1miter
Cert-manager/ClusterIssuer local certificate authority
Replies
5
Views
2K
L1miter
L1miter
C
  • Locked
SOLVED FreeNAS 11.0U4 won't join Samba AD server. Self-signed cert confusion.
Replies
1
Views
2K
ChinookTx
C
S
Help installing a certificate from an external CA?
Replies
7
Views
6K
danb35
danb35
A
Invalid Certificate
Replies
2
Views
4K
afc_rich
A
Top