Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - ronott

Pages1
#1
20.7 Legacy Series / Re: Own package mirror with "self-signed" certificate (or how to add my own CA cert)
September 24, 2020, 09:23:15 AM
Quote from: Fright on September 23, 2020, 05:49:43 PM
whats wrong with " System::Trust::Authorities"?
I put my certificates (Root CA and Issuing Intermediate CA) there but the update function still didn't accept my mirror's certificate.
I'll try that again.

Edit:
Feeling kinda dumb right now ... Just added our certificates again, and it worked ... Thanks for the hint!
#2
20.7 Legacy Series / [Sovled] Own package mirror with "self-signed" certificate
September 23, 2020, 11:53:04 AM
Hi,

I set up a package mirror for OPNsense with a SSL/TLS certificate signed by a private Certificate Authority (Corp. environment, multiple firewall clusters).

After lots of googling, the only way to add our private CA I've found, was to append our Root- and Intermediate-Certificate to [/usr/local]/etc/ssl/cert.pem which gets overwritten everytime the ca_root_nss package is updated or OPNsense is rebooted. Is this really the only way to add a private CA-Cert in FreeBSD?

Adding the certs to System::Trust::Authorities doesn't help. <-- It does help and sovles the issue
The way described by (0) doesn't work for the pkg command (it works when using the openssl command though).

(0) https://blog.socruel.nu/freebsd/how-to-install-private-CA-on-freebsd.html
Pages1