Author Topic: Creating Self Signed certificate SAN missing after save (Read 2361 times)

nickro · « **on:** December 31, 2021, 08:10:56 pm »

I cannot get subjectAltName to stay after creating a certificate.
I followed https://docs.opnsense.org/manual/how-tos/self-signed-chain.html, and the last step is to add domain in
"see attachment" i cannot get it to stay.
It missing after certificate is created and chrome is throwing an error.
NET::ERR_CERT_COMMON_NAME_INVALID

Weird thing is that i created few certificates last year and it worked.

I am on lates OPNSense version.

thanks!

Fright · « **Reply #1 on:** December 31, 2021, 08:47:22 pm »

Quote

cannot get subjectAltName to stay after creating a certificate

to stay where?
imho the problem is something else (tested. SAN attached correctly)
you can make sure that the extension is present by clicking the "i" button at System: Trust: Certificates
(there should be a " X509v3 Subject Alternative Name:" section i think)

nickro · « **Reply #2 on:** December 31, 2021, 09:01:41 pm »

Eh it's there now, where you pointed, earlier certificates had additional filed SubjectAltName ,see attachment, so i was confused:
now its only in "X509v3 Subject Alternative Name"

Thank you!!

Additional question, i am using Unbound Host Overrides to point to my local Nginx proxy, everything works, but instead of creating 20+ entries for all my internal services i tried Domain Override and it just cannot resolve domain names, so i have to go one by one with Host Overrides.

is this correct?

Fright · « **Reply #3 on:** January 01, 2022, 06:52:38 am »

Hi

Quote

now its only in "X509v3 Subject Alternative Name"

yes, SAN is an extension and it should not be attached to DN )

Quote

i tried Domain Override and it just cannot resolve domain names, so i have to go one by one with Host Overrides

so you tried "*" as a hostname in Host Overrides and unbound crashes with this settings?
Domain matches "domain" value in System: Settings: General?

nickro · « **Reply #4 on:** January 01, 2022, 09:48:22 am »

Quote from: Fright on January 01, 2022, 06:52:38 am

so you tried "*" as a hostname in Host Overrides and unbound crashes with this settings?
Domain matches "domain" value in System: Settings: General?

Actually i tried Domain Override not Host and that didn't work, after some reading turns out you cannot override your OPNSense domain (added to Settings>General)

Fright · « **Reply #5 on:** January 01, 2022, 11:00:39 am »

Quote

Actually i tried Domain Override

domain override can not work as a wildcard host override
you can try '*' hostname in host override but not for opnsense-domain (System: Settings: General)

nickro · « **Reply #6 on:** January 01, 2022, 12:17:27 pm »

yep, i understand now.

Thank you !

Author Topic: Creating Self Signed certificate SAN missing after save (Read 2361 times)

nickro

Creating Self Signed certificate SAN missing after save

Fright

Re: Creating Self Signed certificate SAN missing after save

nickro

Re: Creating Self Signed certificate SAN missing after save

Fright

Re: Creating Self Signed certificate SAN missing after save

nickro

Re: Creating Self Signed certificate SAN missing after save

Fright

Re: Creating Self Signed certificate SAN missing after save

nickro

Re: Creating Self Signed certificate SAN missing after save