Local Trusted Certificates

Started by muchacha_grande, May 02, 2019, 06:22:13 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
May 02, 2019, 06:22:13 PM
Hi,
  how can I add my trusted certificates so I can backup directly to my Nextcloud?
Regards
May 02, 2019, 06:35:06 PM #1
Hi muchacha_grande,

You mean add it to certificate store on your OPNsense box,
Have a look at the next wiki page https://wiki.opnsense.org/manual/how-tos/self-signed-chain.html#a-chain-for-your-local-nextcloud-server
It is exactly described how you should add it to the store  ;)

Greetings mark
May 02, 2019, 06:53:52 PM #2
Thank you qinohe, I already did this, but the certificate won't survive an update. The certificate store is restored and my certificate is lost and I have to add it again after the update.
May 02, 2019, 07:46:17 PM #3 Last Edit: May 02, 2019, 07:48:00 PM by qinohe
Your welcome, but, read the entire topic more observant and you will discover that is also written there.  ;)
It may come to you as an unwanted surprise your certificate is removed after you got an upgrade for ca-root-nss, though, this is logical. Your self-signed certs. are not signed by a 'trusted party' like Let's Encrypt and thus 'removed'. In fact it's not removed but the whole file is replaced with a new one and you need to append yours to that file.... hope that makes sense to you.
If you wish here's a script for you to make it simpler (maybe) to add it to the store. Change it to your situation of course

Code Select

#!/bin/sh
chmod 400 /home/admin/bin/data/nextcloud.crt
cat /home/admin/bin/data/nextcloud.crt >> /usr/local/share/certs/ca-root-nss.crt
cksum /usr/local/share/certs/ca-root-nss.crt > /home/admin/sum.txt
chmod 000 /home/admin/bin/data/nextcloud.crt
exit 0


Greetings mark
May 03, 2019, 10:23:07 AM #4
What the OP wants has been added to 19.1.7.


Cheers,
Franco
May 03, 2019, 01:21:14 PM #5
I see, means I myself can stop using these scripts  ;D
Yesterday I noticed they were in 'etc/ssl/cert.pem' , though, I completely disregarded it.

Greetings mark 
May 03, 2019, 07:40:56 PM #6
It was a sneaky feature release, I'm sorry. :)


Cheers,
Franco
May 04, 2019, 12:33:14 AM #7
Al least, don't be sorry  ;) that would be conservative thinking and in my opinion that's not for you since you're the dev. Progress always has two faces, but I'm always happy with the new innovations, even if things change for me  :P

Thanks
Greetings mark
Print
Go Up Pages1
User actions