SOLVED Signed Certificate from StartCom not able to be imported - FreeNAS-9.10.2 (a476f16)

[jsylvia007]

Howdy all...

I've been running FreeNAS for years now, and I've never had an issue with SSL.

I use my own CSR to generate the certificate from StartCom:

openssl req -newkey rsa:2048 -keyout freenas_ENCRYPTED.key -out freenas.csr

I then push that over to StartCom via their web interface, and they provide me with a ZIP file containing a bunch of certificates. One of them is one specifically listed for nginx.

I have now tried about 30 times to import via the GUI and every time all I get is "an error occured". I've tried with decrypted keys, encrypted keys, chained cert, non-chained cert...

Is there a known bug in FreeNAS-9.10.2 (a476f16)??

All of my other servers (all Apache) are using their certificates without issue, and the OLD certificate currently installed and set to expire in a week is a StartCom Cert...

What am I doing wrong?

 

[dlavigne]

Anything in /var/log/messages when you get the error?

 

[jsylvia007]

That was the first place I looked. Nothing in there besides the normal stuff.

 

[dlavigne]

There is https://bugs.freenas.org/issues/19702, but that is a traceback. Not sure if it is related to your issue or not.

 

[jsylvia007]

Looks definitely like it might be.

Any chance that 9.10.2-U1 might be out soon?

Or, can this be done via the command line?

 

[dlavigne]

Barring any unexpected bugs in testing, that update is slated for January 9.

 

[jsylvia007]

Haha. Ok then. I guess I can revisit at that point. Hopefully it will be fixed.

No way to get the certificate recognized via the CLI though?

 

[dlavigne]

Not that I'm aware of.

 

[jsylvia007]

Sounds good. I'll report back after the update.

 

[jsylvia007]

Any news on this update? It's the 10th, and I haven't seen it yet. I'm starting to get to a point where my SSL certificates are expiring...

 

[jsylvia007]

Solved! The update to 9.10.2-U1 fixed the issue for me. Everything is all set.