Trusting Enterprise Certificate Authorities

We have an internal certificate authority that's used to sign our enterprise certificates and also sign some intermediaries for SSL interception. We've imported these CAs into TrueNAS through the GUI; however, it appears the system doesn't actually trust the certificates... I did some searching and didn't see a way to import a CA in a way that allows it to be trusted by the system. Has anyone found a way to do this, or is this going to be a feature request?

I was fine exempting the iXsystems update server from the SSL interception, but not so crazy about allowing GitHub, since it would be the entire site and GitHub has been used for malicious purposes before.

Error: Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/middlewared/job.py", line 367, in run
    await self.future
  File "/usr/local/lib/python3.8/site-packages/middlewared/job.py", line 405, in __run_body
    rv = await self.middleware.run_in_thread(self.method, *([self] + args))
  File "/usr/local/lib/python3.8/site-packages/middlewared/utils/run_in_thread.py", line 10, in run_in_thread
    return await self.loop.run_in_executor(self.run_in_thread_executor, functools.partial(method, *args, **kwargs))
  File "/usr/local/lib/python3.8/site-packages/middlewared/utils/io_thread_pool_executor.py", line 25, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/usr/local/lib/python3.8/site-packages/middlewared/schema.py", line 977, in nf
    return f(*args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/middlewared/plugins/jail_freebsd.py", line 367, in available
    return self.middleware.call_sync('plugin.available_impl', options).wait_sync(raise_error=True)
  File "/usr/local/lib/python3.8/site-packages/middlewared/job.py", line 338, in wait_sync
    raise CallError(self.error)
middlewared.service_exception.CallError: [EFAULT] Cmd('git') failed due to: exit code(128)
cmdline: git clone -v https://github.com/freenas/iocage-ix-plugins.git /mnt/hdd-storage/iocage/.plugins/github_com_freenas_iocage-ix-plugins_git
stderr: 'Cloning into '/mnt/hdd-storage/iocage/.plugins/github_com_freenas_iocage-ix-plugins_git'...
fatal: unable to access 'https://github.com/freenas/iocage-ix-plugins.git/': SSL certificate problem: self signed certificate in certificate chain
 