OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 19.1 Legacy Series »
  • Local Trusted Certificates
« previous next »
  • Print
Pages: [1]

Author Topic: Local Trusted Certificates  (Read 3415 times)

muchacha_grande

  • Full Member
  • ***
  • Posts: 141
  • Karma: 9
    • View Profile
Local Trusted Certificates
« on: May 02, 2019, 06:22:13 pm »
Hi,
  how can I add my trusted certificates so I can backup directly to my Nextcloud?
Regards
Logged

qinohe

  • Full Member
  • ***
  • Posts: 160
  • Karma: 19
    • View Profile
Re: Local Trusted Certificates
« Reply #1 on: May 02, 2019, 06:35:06 pm »
Hi muchacha_grande,

You mean add it to certificate store on your OPNsense box,
Have a look at the next wiki page https://wiki.opnsense.org/manual/how-tos/self-signed-chain.html#a-chain-for-your-local-nextcloud-server
It is exactly described how you should add it to the store  ;)

Greetings mark
Logged

muchacha_grande

  • Full Member
  • ***
  • Posts: 141
  • Karma: 9
    • View Profile
Re: Local Trusted Certificates
« Reply #2 on: May 02, 2019, 06:53:52 pm »
Thank you qinohe, I already did this, but the certificate won't survive an update. The certificate store is restored and my certificate is lost and I have to add it again after the update.
Logged

qinohe

  • Full Member
  • ***
  • Posts: 160
  • Karma: 19
    • View Profile
Re: Local Trusted Certificates
« Reply #3 on: May 02, 2019, 07:46:17 pm »
Your welcome, but, read the entire topic more observant and you will discover that is also written there.  ;)
It may come to you as an unwanted surprise your certificate is removed after you got an upgrade for ca-root-nss, though, this is logical. Your self-signed certs. are not signed by a 'trusted party' like Let's Encrypt and thus 'removed'. In fact it's not removed but the whole file is replaced with a new one and you need to append yours to that file.... hope that makes sense to you.
If you wish here's a script for you to make it simpler (maybe) to add it to the store. Change it to your situation of course

Code: [Select]
#!/bin/sh
chmod 400 /home/admin/bin/data/nextcloud.crt
cat /home/admin/bin/data/nextcloud.crt >> /usr/local/share/certs/ca-root-nss.crt
cksum /usr/local/share/certs/ca-root-nss.crt > /home/admin/sum.txt
chmod 000 /home/admin/bin/data/nextcloud.crt
exit 0

Greetings mark
« Last Edit: May 02, 2019, 07:48:00 pm by qinohe »
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13957
  • Karma: 1210
    • View Profile
Re: Local Trusted Certificates
« Reply #4 on: May 03, 2019, 10:23:07 am »
What the OP wants has been added to 19.1.7.


Cheers,
Franco
Logged

qinohe

  • Full Member
  • ***
  • Posts: 160
  • Karma: 19
    • View Profile
Re: Local Trusted Certificates
« Reply #5 on: May 03, 2019, 01:21:14 pm »
I see, means I myself can stop using these scripts  ;D
Yesterday I noticed they were in 'etc/ssl/cert.pem' , though, I completely disregarded it.

Greetings mark 
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13957
  • Karma: 1210
    • View Profile
Re: Local Trusted Certificates
« Reply #6 on: May 03, 2019, 07:40:56 pm »
It was a sneaky feature release, I'm sorry. :)


Cheers,
Franco
Logged

qinohe

  • Full Member
  • ***
  • Posts: 160
  • Karma: 19
    • View Profile
Re: Local Trusted Certificates
« Reply #7 on: May 04, 2019, 12:33:14 am »
Al least, don't be sorry  ;) that would be conservative thinking and in my opinion that's not for you since you're the dev. Progress always has two faces, but I'm always happy with the new innovations, even if things change for me  :P

Thanks
Greetings mark
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 19.1 Legacy Series »
  • Local Trusted Certificates
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2