General Discussion / How to create certificates with invalid URIs
« on: September 28, 2023, 07:21:50 pm »
OPNSense 23.7.5.
I am trying to create an internal certificate or CSR signed by the OPNSense PKI, but the GUI fails with "URI subjectAltName types must be a valid URI". I want to create a service certificate with the following SubjectAltNames:
URL=urn:myhost.mydomain.com:UA:Advosol:uaPLUS
DNS=myhost.mydomain.com
I have several commercial software packages that generate self-signed service certificates in this format for the OPC-UA industrial protocol, so it appears to be a valid format (or was valid at one time). The industrial controllers expect the service URI in a very specific format.
OpenSSL3 accepts this as a valid URI, so it appears the OPNSense GUI is applying its own checks.
Does anyone know of a way to force the OPNSense Trust GUI to accept "invalid" URIs (i.e. special escape chars or formatting)?
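The SAN pair from the post, placed in a CSR with the OpenSSL command line and read back from the request, as an added example that is not part of the original post. The output file names, the RSA-2048 key and the CN are assumptions made for the example; `-addext` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: CSR with an OPC UA application URI (a URN) and a DNS name
# as subjectAltName entries, built and inspected with the openssl CLI.

APP_URI="urn:myhost.mydomain.com:UA:Advosol:uaPLUS"   # value from the post
HOST="myhost.mydomain.com"                            # value from the post

# make_opcua_csr <outdir>
# Writes <outdir>/service.key and <outdir>/service.csr (assumed file names).
make_opcua_csr() {
    outdir=$1
    (
        umask 077   # keep the unencrypted private key owner-readable only
        # -nodes: no passphrase on the key (OpenSSL 3 also accepts -noenc)
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$outdir/service.key" -out "$outdir/service.csr" \
            -subj "/CN=$HOST" \
            -addext "subjectAltName=URI:$APP_URI,DNS:$HOST"
    )
}

# csr_sans <csr>
# Prints the line that follows the SAN extension header in the text dump,
# e.g. "URI:..., DNS:...", with leading spaces removed.
csr_sans() {
    openssl req -in "$1" -noout -text |
        awk '/Subject Alternative Name/ { getline; sub(/^ +/, ""); print }'
}

# has_san <csr> <entry>
# Succeeds only if <entry> (for example "DNS:host") is an exact SAN entry.
has_san() {
    csr_sans "$1" | tr ',' '\n' | sed 's/^ *//' | grep -Fxq "$2"
}

# Demo run in a throwaway directory: create the CSR and show its SAN line.
demo_dir=$(mktemp -d) &&
    make_opcua_csr "$demo_dir" &&
    csr_sans "$demo_dir/service.csr"
rm -rf "$demo_dir"
```

Checking the SAN entries with `has_san` before and after a CA signs the request shows whether the URI entry survived signing unchanged.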