OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: muchacha_grande on May 02, 2019, 06:22:13 pm

Title: Local Trusted Certificates
Post by: muchacha_grande on May 02, 2019, 06:22:13 pm

Hi,
  how can I add my trusted certificates so I can backup directly to my Nextcloud?
Regards

Title: Re: Local Trusted Certificates
Post by: qinohe on May 02, 2019, 06:35:06 pm

Hi muchacha_grande,

You mean add it to certificate store on your OPNsense box,
Have a look at the next wiki page https://wiki.opnsense.org/manual/how-tos/self-signed-chain.html#a-chain-for-your-local-nextcloud-server
It is exactly described how you should add it to the store  ;)

Greetings mark

Title: Re: Local Trusted Certificates
Post by: muchacha_grande on May 02, 2019, 06:53:52 pm

Thank you qinohe, I already did this, but the certificate won't survive an update. The certificate store is restored and my certificate is lost and I have to add it again after the update.

Title: Re: Local Trusted Certificates
Post by: qinohe on May 02, 2019, 07:46:17 pm

Your welcome, but, read the entire topic more observant and you will discover that is also written there.  ;)
It may come to you as an unwanted surprise your certificate is removed after you got an upgrade for ca-root-nss, though, this is logical. Your self-signed certs. are not signed by a 'trusted party' like Let's Encrypt and thus 'removed'. In fact it's not removed but the whole file is replaced with a new one and you need to append yours to that file.... hope that makes sense to you.
If you wish here's a script for you to make it simpler (maybe) to add it to the store. Change it to your situation of course

Code: [Select]

#!/bin/sh
chmod 400 /home/admin/bin/data/nextcloud.crt
cat /home/admin/bin/data/nextcloud.crt >> /usr/local/share/certs/ca-root-nss.crt
cksum /usr/local/share/certs/ca-root-nss.crt > /home/admin/sum.txt
chmod 000 /home/admin/bin/data/nextcloud.crt
exit 0

Greetings mark

Title: Re: Local Trusted Certificates
Post by: franco on May 03, 2019, 10:23:07 am

What the OP wants has been added to 19.1.7.


Cheers,
Franco

Title: Re: Local Trusted Certificates
Post by: qinohe on May 03, 2019, 01:21:14 pm

I see, means I myself can stop using these scripts  ;D
Yesterday I noticed they were in 'etc/ssl/cert.pem' , though, I completely disregarded it.

Greetings mark 

Title: Re: Local Trusted Certificates
Post by: franco on May 03, 2019, 07:40:56 pm

It was a sneaky feature release, I'm sorry. :)


Cheers,
Franco

Title: Re: Local Trusted Certificates
Post by: qinohe on May 04, 2019, 12:33:14 am

Al least, don't be sorry  ;) that would be conservative thinking and in my opinion that's not for you since you're the dev. Progress always has two faces, but I'm always happy with the new innovations, even if things change for me  :P

Thanks
Greetings mark