OPNsense Forum

Archive => 21.7 Legacy Series => Topic started by: mcbatranu on December 08, 2021, 11:07:38 am

Title: Web GUI certificate automatic deployment
Post by: mcbatranu on December 08, 2021, 11:07:38 am
I am using version 21.7.1 and I am trying to automatically deploy new SSL and CA certificates inside OPNsense. I found this post for an older version: https://forum.opnsense.org/index.php?topic=15139.0 and I tried to adapt it, but I got stuck with the insertion of the Base64 certificate string inside the config.xml file.

I do not know how it used to be before, but what I am seeing now, after downloading the config.xml file, is that the cert fields inside the XML do not hold the actual PEM string, but some other string that looks like an encrypted or otherwise modified string, as it is comparable in size with the actual PEM string. The cleartext PEM strings can still be found in the actual cert files: cert.pem and key.pem.

The problem is that if I inject the cleartext PEM certificate strings inside the XML, the web GUI fails to restart, probably because of the unexpected cleartext PEM strings inside, which seem to have worked in the past based on the sample script from the older forum post above.

Has this really changed, and if so, how can I obtain the modified string to be injected into the config.xml file starting from the cleartext PEM (base64) string?

Title: Re: Web GUI certificate automatic deployment
Post by: bartjsmit on December 08, 2021, 01:51:49 pm
I have scripted this for Letsencrypt certs: https://github.com/bartsmit/distcerts

Title: Re: Web GUI certificate automatic deployment
Post by: mcbatranu on December 08, 2021, 06:13:33 pm
Thank you!
I have searched the PHP scripts again and I think I found my mistake. The cert strings to be imported should already be in PEM form initially, which is a certificate in Base64 format from what I know; but then the cert_import script converts those strings again to Base64 using the "base64_encode" PHP function.
My mistake: I assumed the input cert strings are binary and that the conversion to Base64 certs is done by "/usr/bin/openssl base64".

So, most likely, the previously mentioned script should still be working in the current version.
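Worked example (added here by the editor; it is not code from this thread, from the linked distcerts repository, or from OPNsense itself). It shows the double encoding the last post describes: the value stored in config.xml is base64 of the whole PEM text, BEGIN/END lines included, so the PEM body's own base64 gets wrapped a second time. The helpers encode PEM for insertion, decode a stored value back to PEM, rewrite one `<cert>` entry in a config document, and lint a config for the exact mistake from the first post (raw PEM injected into the XML). The PEM blobs and the config fragment are constructed placeholders, the refid is made up, and the element names `cert`/`refid`/`descr`/`crt`/`prv` are assumed to match OPNsense's cert entries; check them against your own exported config.xml before relying on the script.

```python
import base64
import xml.etree.ElementTree as ET

# Constructed placeholder PEM blobs (editor's example data). The bodies are
# filler, not a real certificate or key; they stand in for cert.pem/key.pem.
CERT_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    "MIIBszCCAVmgAwIBAgIUZmFrZWNlcnRmb3JleGFtcGxlcHVycG9zZTAKBggqhkjO\n"
    "PQQDAjAUMRIwEAYDVQQDDAlmdy5leGFtcGxlMB4XDTIxMTIwODAwMDAwMFoXDTIy\n"
    "-----END CERTIFICATE-----\n"
)
KEY_PEM = (
    "-----BEGIN PRIVATE KEY-----\n"
    "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgZmFrZWtleWZvcmV4\n"
    "-----END PRIVATE KEY-----\n"
)
OLD_CERT_PEM = "-----BEGIN CERTIFICATE-----\nb2xk\n-----END CERTIFICATE-----\n"
OLD_KEY_PEM = "-----BEGIN PRIVATE KEY-----\nb2xk\n-----END PRIVATE KEY-----\n"
REFID = "5fedcba1234ab"  # constructed; assumed 13-char uniqid-style value


def pem_to_config_value(pem_text):
    """Encode PEM text the way the thread describes cert_import doing it:
    base64_encode() over the whole PEM string, BEGIN/END lines and newlines
    included. That is a second base64 layer on top of the base64 already
    inside the PEM body, which is why config.xml values look 'modified'."""
    return base64.b64encode(pem_text.encode("ascii")).decode("ascii")


def config_value_to_pem(value):
    """Inverse of pem_to_config_value: recover PEM from a <crt>/<prv> value."""
    return base64.b64decode(value.strip(), validate=True).decode("ascii")


def is_cleartext_pem(value):
    """True when a value is raw PEM, i.e. what the first post injected and
    what makes the web GUI fail to restart."""
    return value.lstrip().startswith("-----BEGIN ")


def _find_cert(root, refid):
    # Element names (cert, refid, crt, prv) are assumed to match OPNsense's
    # config.xml cert entries; confirm against your own exported config.
    for entry in root.iter("cert"):
        if entry.findtext("refid") == refid:
            return entry
    raise KeyError(f"no <cert> with refid {refid}")


def replace_cert_in_config(config_xml, refid, cert_pem, key_pem):
    """Swap the certificate and key of one <cert> entry and return the
    serialized config. Inputs must be PEM text; the function encodes them."""
    for pem in (cert_pem, key_pem):
        if not is_cleartext_pem(pem):
            raise ValueError("expected PEM text as input, not an encoded value")
    root = ET.fromstring(config_xml)
    entry = _find_cert(root, refid)
    entry.find("crt").text = pem_to_config_value(cert_pem)
    entry.find("prv").text = pem_to_config_value(key_pem)
    return ET.tostring(root, encoding="unicode")


def read_config_cert(config_xml, refid):
    """Decode (crt, prv) of one entry back to PEM; raises on cleartext PEM."""
    entry = _find_cert(ET.fromstring(config_xml), refid)
    pems = []
    for field in ("crt", "prv"):
        value = entry.findtext(field) or ""
        if is_cleartext_pem(value):
            raise ValueError(f"<{field}> holds cleartext PEM; expected base64 of the PEM text")
        pems.append(config_value_to_pem(value))
    return tuple(pems)


def entries_with_cleartext_pem(config_xml):
    """Lint a whole config: refids whose crt or prv was injected as raw PEM."""
    root = ET.fromstring(config_xml)
    return [
        entry.findtext("refid")
        for entry in root.iter("cert")
        if any(is_cleartext_pem(entry.findtext(f) or "") for f in ("crt", "prv"))
    ]


# Constructed minimal config.xml holding the "old" certificate, built with
# the same encoding so the sample values are correct by construction.
SAMPLE_CONFIG = (
    "<opnsense>\n"
    "  <cert>\n"
    f"    <refid>{REFID}</refid>\n"
    "    <descr>Web GUI</descr>\n"
    f"    <crt>{pem_to_config_value(OLD_CERT_PEM)}</crt>\n"
    f"    <prv>{pem_to_config_value(OLD_KEY_PEM)}</prv>\n"
    "  </cert>\n"
    "</opnsense>\n"
)

if __name__ == "__main__":
    new_config = replace_cert_in_config(SAMPLE_CONFIG, REFID, CERT_PEM, KEY_PEM)
    print(new_config)
    assert read_config_cert(new_config, REFID) == (CERT_PEM, KEY_PEM)
```

A quick sanity check when eyeballing a config: every correctly encoded `<crt>` value begins with `LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0t`, which is simply `-----BEGIN CERTIFICATE-----` run through base64; a value that starts with `-----BEGIN` instead is the cleartext mistake from the first post. On a real firewall the inputs would be the contents of cert.pem and key.pem rather than the constructed blobs above, and the rewritten document would be restored through the normal config import rather than by editing the live file.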