Messages

1

20.7 Legacy Series / Re: Own package mirror with "self-signed" certificate (or how to add my own CA cert)

« on: September 24, 2020, 09:23:15 am »

whats wrong with " System::Trust::Authorities"?

I put my certificates (Root CA and Issuing Intermediate CA) there but the update function still didn't accept my mirror's certificate.
I'll try that again.

Edit:
Feeling kinda dumb right now ... Just added our certificates again, and it worked ... Thanks for the hint!

2

20.7 Legacy Series / [Sovled] Own package mirror with "self-signed" certificate

« on: September 23, 2020, 11:53:04 am »

Hi,

I set up a package mirror for OPNsense with a SSL/TLS certificate signed by a private Certificate Authority (Corp. environment, multiple firewall clusters).

After lots of googling, the only way to add our private CA I've found, was to append our Root- and Intermediate-Certificate to [/usr/local]/etc/ssl/cert.pem which gets overwritten everytime the ca_root_nss package is updated or OPNsense is rebooted. Is this really the only way to add a private CA-Cert in FreeBSD?

Adding the certs to System::Trust::Authorities doesn't help. <-- It does help and sovles the issue
The way described by (0) doesn't work for the pkg command (it works when using the openssl command though).

(0) https://blog.socruel.nu/freebsd/how-to-install-private-CA-on-freebsd.html