Topic: Web GUI certificate automatic deployment (Read 1953 times)
mcbatranu (Newbie, Posts: 3, Karma: 0)
Web GUI certificate automatic deployment « on: December 08, 2021, 11:07:38 am »
I am using the 21.7.1 version and I am trying to automatically deploy new SSL and CA certificates inside OPNsense. I found this post for an older version:
https://forum.opnsense.org/index.php?topic=15139.0
and I tried to adapt it but I got stuck with the insertion of the Base64 certificate string inside the config.xml file.
I do not know how it used to be before, but what I am seeing now, after downloading the config.xml file, is that the cert fields inside the xml do not hold the actual PEM string, but some other string that looks like an encrypted or otherwise modified string, as it is comparable in size with the actual PEM string. The cleartext PEM strings can still be found in the actual cert files: cert.pem and key.pem.
The problem is that if I inject the cleartext PEM certificate strings inside the XML, the webgui fails to restart, probably because of the unexpected cleartext PEM strings inside - which seem to have worked in the past based on the sample script from the older forum post above.
Has this really changed, and if so, how can I obtain the modified string to be injected into the config.xml file starting from the cleartext PEM (base64) string?
bartjsmit (Hero Member, Posts: 2014, Karma: 194)
Re: Web GUI certificate automatic deployment « Reply #1 on: December 08, 2021, 01:51:49 pm »
I have scripted this for Letsencrypt certs:
https://github.com/bartsmit/distcerts
mcbatranu (Newbie, Posts: 3, Karma: 0)
Re: Web GUI certificate automatic deployment « Reply #2 on: December 08, 2021, 06:13:33 pm »
Thank you!
I have searched the PHP scripts again and I think I found my mistake. The cert strings to be imported should already be in PEM form initially, which is a certificate in Base64 format from what I know, but then the cert_import script converts those strings again to Base64 using the "base64_encode" PHP function.
My mistake: I assumed the input cert strings were binary and that the conversion to Base64 certs was done by "/usr/bin/openssl base64".
So, most likely, the previously mentioned script should still be working in the current version.
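The encoding worked out in Reply #2, as an added example that is not part of the thread or of OPNsense's own code: the config.xml field holds the whole PEM text run through Base64 once more, so this sketch produces that value and classifies a candidate field before it is written. The function names are hypothetical and the sample PEM is built from constructed bytes, not a real certificate.

```python
import base64
import binascii
import re

# One PEM block: armor lines around a Base64 body.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\s+[A-Za-z0-9+/=\s]+?-----END \1-----\s*\Z")

def pem_to_config_value(pem_text: str) -> str:
    """Encode PEM text as PHP base64_encode() would: one line, standard alphabet."""
    if not PEM_RE.match(pem_text.strip()):
        raise ValueError("input is not a single PEM block")
    return base64.b64encode(pem_text.encode("ascii")).decode("ascii")

def classify_field(value: str) -> str:
    """Report what a candidate config.xml certificate field actually contains."""
    value = value.strip()
    if value.startswith("-----BEGIN "):
        return "raw-pem"          # cleartext PEM pasted in (the first post's attempt)
    try:
        decoded = base64.b64decode("".join(value.split()), validate=True)
    except (binascii.Error, ValueError):
        return "not-base64"
    if decoded.startswith(b"-----BEGIN "):
        return "base64-of-pem"    # the form Reply #2 concludes is expected
    if decoded[:1] == b"\x30":
        return "base64-of-der"    # bare PEM body: what "binary input" would yield
    return "unknown"

def config_value_to_pem(value: str) -> str:
    """Recover the PEM text from a field, refusing anything in another form."""
    kind = classify_field(value)
    if kind != "base64-of-pem":
        raise ValueError(f"field holds {kind}, expected base64-of-pem")
    return base64.b64decode("".join(value.split())).decode("ascii")

def constructed_pem() -> str:
    """Sample input: constructed DER-like bytes wrapped in certificate armor."""
    der = b"\x30\x82\x00\x20" + bytes(range(32))  # constructed, not a real cert
    body = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    pem = constructed_pem()
    field = pem_to_config_value(pem)
    print(classify_field(pem), classify_field(field), field[:16])
```

A correctly encoded field always begins with `LS0tLS1CRUdJTi`, the Base64 of `-----BEGIN`, which makes a quick visual check of an exported config.xml possible.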