UI Certificate wont change

veldthui

Dabbler
Joined
Nov 28, 2019
Messages
47
Hi, New to FreeNAS and decided to try out the 11.3Beta version.
I made a new CA certificate and then an actual certificate and set the General option to use the certificate I created. I also set Web Redirect HTTP->HTTPS in the General options.

I am finding that the HTTP->HTTPS does not work under Chrome and I just get an HTTP connection. If I do enter the https://website.... then I still get a certificate error. Checking the certificate I find that it is still using the default certificate even though under General I have set it to my certificate I generated.

Am I doing this right or is there a bug here?
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,975
Did you clear your history and browser cache? Does it work if you open it in a private window?
 

veldthui

Dabbler
Joined
Nov 28, 2019
Messages
47
Did you clear your history and browser cache? Does it work if you open it in a private window?
Tried that and same result. Also tried Edge browser and got the same results. No HTTPS redirect and default certificate.
 

Fredda

Guru
Joined
Jul 9, 2019
Messages
608
The certificate error is normal for a self generated certificate. You'll need to force the browser to accept the certificate, after that it works.
(Not talking about the redirect here, just the cert error)
 

veldthui

Dabbler
Joined
Nov 28, 2019
Messages
47
The certificate error is normal for a self generated certificate. You'll need to force the browser to accept the certificate, after that it works.
(Not talking about the redirect here, just the cert error)

That is incorrect. The certificate generated was exported and imported into the trusted root certs of my PC. If FreeNAS used the correct cert then my PC would not give an error because it is now trusted.

FreeNAS is using the default cert even though I have told it to use the cert I generated using the CA and Cert menus. The name shows localhost where as the cert I generated should show jvnas2.
 

veldthui

Dabbler
Joined
Nov 28, 2019
Messages
47
Okay I have it working partially. Turns out the redirect works if the certificate is okay but not otherwise.
There seems to be an issue with the certificates as well. I put in the CA the common name of my Freenas. I also put this in the subject Alternate along with the IP it uses in case I use the IP when the DNS is offline. All good so far and exported this and imported into the Trusted Root certificate. Checked that and it looks fine.

Then created the certificate and did the same with that. name in the common name and name and IP is the subject alternate. Told FreeNas to use this and everytime when using the IP address it works and is trusted. However using the name causes a certificate error. Checking the certificate it seems FreeNas change changed the common name from xx.yyy.zzzz to xx@yyy.zzzz. Worse still it strips the name out of the subject alternate and only leaves the IP address thus is why using the IP works and using the name doesn't
 

veldthui

Dabbler
Joined
Nov 28, 2019
Messages
47
Well now it has locked me out. Was okay when I went to bed but next morning it says that the key has been corrupted. No longer showing that it is from the CA either. Good news is it is redirecting http to https. Bad news I can't get in so will need to start from scratch.

Good learning curve so don't think I will muck around with the certs in the 11.3 beta for now.
 
Top