OPNsense Forum

Archive => 21.7 Legacy Series => Topic started by: nickro on December 31, 2021, 08:10:56 PM

Title: Creating Self Signed certificate SAN missing after save
Post by: nickro on December 31, 2021, 08:10:56 PM
I cannot get subjectAltName to stay after creating a certificate.
I followed https://docs.opnsense.org/manual/how-tos/self-signed-chain.html, and the last step is to add the domain in
"see attachment"; I cannot get it to stay.
It is missing after the certificate is created and Chrome is throwing an error.
NET::ERR_CERT_COMMON_NAME_INVALID

Weird thing is that I created a few certificates last year and it worked.

I am on the latest OPNsense version.

Thanks!
Title: Re: Creating Self Signed certificate SAN missing after save
Post by: Fright on December 31, 2021, 08:47:22 PM
Quote: "cannot get subjectAltName to stay after creating a certificate"
To stay where?
IMHO the problem is something else (tested, SAN attached correctly).
You can make sure that the extension is present by clicking the "i" button at System: Trust: Certificates
(there should be a "X509v3 Subject Alternative Name:" section, I think).
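The check described in the post above can also be run from a shell against an exported certificate. This is an added example, not part of the original thread or OPNsense's own code; the hostname nas.home.example, the file names and the function names are constructed, and it assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example; nas.home.example and all file names are constructed.

# Create two throwaway self-signed certs in DIR: one with only a CN,
# one that also carries a subjectAltName extension (needs OpenSSL 1.1.1+).
make_demo_certs() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=nas.home.example" \
        -keyout "$1/key.pem" -out "$1/cn_only.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=nas.home.example" \
        -addext "subjectAltName=DNS:nas.home.example" \
        -keyout "$1/key.pem" -out "$1/with_san.pem" 2>/dev/null
}

# Print the value line of the SAN extension, or nothing if it is absent.
san_list() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        sed 's/^ *//; s/ *$//'
}

# Succeed only if the cert has a DNS SAN entry that covers HOST.
# openssl's -checkhost alone falls back to the CN when no DNS SAN exists,
# which is more lenient than Chrome, so SAN presence is required first.
san_matches() {
    san_list "$1" | grep -q 'DNS:' || return 1
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# Demo run on the two constructed certificates.
dir=$(mktemp -d)
make_demo_certs "$dir"
for cert in cn_only with_san; do
    if san_matches "$dir/$cert.pem" nas.home.example; then
        echo "$cert: SAN ok ($(san_list "$dir/$cert.pem"))"
    else
        echo "$cert: no matching DNS SAN"
    fi
done
rm -rf "$dir"
```

The CN-only certificate is the case that produces NET::ERR_CERT_COMMON_NAME_INVALID in Chrome, because Chrome matches hostnames against the SAN extension only.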
Title: Re: Creating Self Signed certificate SAN missing after save
Post by: nickro on December 31, 2021, 09:01:41 PM
Eh, it's there now, where you pointed. Earlier certificates had an additional field SubjectAltName (see attachment), so I was confused:
now it's only in "X509v3 Subject Alternative Name"

Thank you!!

Additional question: I am using Unbound Host Overrides to point to my local Nginx proxy, and everything works, but instead of creating 20+ entries for all my internal services I tried Domain Override and it just cannot resolve domain names, so I have to go one by one with Host Overrides.

Is this correct?
Title: Re: Creating Self Signed certificate SAN missing after save
Post by: Fright on January 01, 2022, 06:52:38 AM
Hi
Quote: "now its only in "X509v3 Subject Alternative Name""
Yes, SAN is an extension and it should not be attached to the DN )
Quote: "i tried Domain Override and it just cannot resolve domain names, so i have to go one by one with Host Overrides"
So you tried "*" as a hostname in Host Overrides and Unbound crashes with these settings?
Domain matches "domain" value in System: Settings: General?
Title: Re: Creating Self Signed certificate SAN missing after save
Post by: nickro on January 01, 2022, 09:48:22 AM
Quote from: Fright on January 01, 2022, 06:52:38 AM

so you tried "*" as a hostname in Host Overrides and unbound crashes with these settings?
Domain matches "domain" value in System: Settings: General?

Actually I tried Domain Override, not Host, and that didn't work. After some reading, it turns out you cannot override your OPNsense domain (added to Settings>General).
Title: Re: Creating Self Signed certificate SAN missing after save
Post by: Fright on January 01, 2022, 11:00:39 AM
Quote: "Actually i tried Domain Override"
Domain override cannot work as a wildcard host override.
You can try '*' as the hostname in a host override, but not for the opnsense-domain (System: Settings: General).
Title: Re: Creating Self Signed certificate SAN missing after save
Post by: nickro on January 01, 2022, 12:17:27 PM
Yep, I understand now.

Thank you!