Creating Self Signed certificate SAN missing after save

Started by nickro, December 31, 2021, 08:10:56 PM

I cannot get subjectAltName to stay after creating a certificate.
I followed https://docs.opnsense.org/manual/how-tos/self-signed-chain.html, and the last step is to add the domain in
"see attachment"; I cannot get it to stay.
It is missing after the certificate is created and Chrome is throwing an error:
NET::ERR_CERT_COMMON_NAME_INVALID

Weird thing is that I created a few certificates last year and it worked.

I am on the latest OPNsense version.

Thanks!

Quote: cannot get subjectAltName to stay after creating a certificate
To stay where?
IMHO the problem is something else (tested, SAN attached correctly).
You can make sure that the extension is present by clicking the "i" button at System: Trust: Certificates
(there should be an "X509v3 Subject Alternative Name:" section, I think).
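
The same check can be done from a shell on any certificate file. The script below is an added example and not part of the original thread: it builds two throwaway self-signed certificates, one with only a CN and one with a SAN, and shows where the name ends up in each. It assumes OpenSSL 1.1.1 or later (for `-addext`); the hostname and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed hostname; use the name you type into the browser.
HOST="nginx.home.example"

# make_cert <out.pem> [extra "openssl req" args...]
# Creates a throwaway self-signed certificate with CN=$HOST.
make_cert() {
    out="$1"; shift
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$HOST" -keyout "$out.key" -out "$out" "$@" 2>/dev/null
}

# san_of <cert.pem>
# Prints the line under "X509v3 Subject Alternative Name:", or nothing
# when the certificate has no such extension.
san_of() {
    openssl x509 -in "$1" -noout -text |
        awk '/X509v3 Subject Alternative Name/ { getline; gsub(/^ +/, ""); print }'
}

# has_dns_san <cert.pem> <hostname>
# Succeeds only if the SAN extension lists DNS:<hostname> exactly
# (wildcard entries are not expanded here).
has_dns_san() {
    san_of "$1" | tr ',' '\n' | sed 's/^ *//' | grep -Fxq "DNS:$2"
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# CN only: the name exists in the subject DN but not as an extension.
make_cert "$workdir/cn-only.pem"
# CN plus SAN: the name is carried in the X509v3 extension.
make_cert "$workdir/with-san.pem" -addext "subjectAltName=DNS:$HOST"

for f in cn-only with-san; do
    printf '%s: subject=%s | SAN=%s\n' "$f" \
        "$(openssl x509 -in "$workdir/$f.pem" -noout -subject)" \
        "$(san_of "$workdir/$f.pem")"
done
```

To inspect a real certificate, call `san_of` on its PEM file; an empty result means the extension is absent.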

Eh, it's there now, where you pointed. Earlier certificates had an additional field SubjectAltName (see attachment), so I was confused:
now it's only in "X509v3 Subject Alternative Name".

Thank you!!

Additional question: I am using Unbound Host Overrides to point to my local Nginx proxy. Everything works, but instead of creating 20+ entries for all my internal services I tried Domain Override and it just cannot resolve domain names, so I have to go one by one with Host Overrides.

Is this correct?

Hi
Quote: now its only in "X509v3 Subject Alternative Name"
yes, SAN is an extension and it should not be attached to DN )
Quote: i tried Domain Override and it just cannot resolve domain names, so i have to go one by one with Host Overrides
so you tried "*" as a hostname in Host Overrides and unbound crashes with these settings?
Domain matches "domain" value in System: Settings: General?

Quote from: Fright on January 01, 2022, 06:52:38 AM

so you tried "*" as a hostname in Host Overrides and unbound crashes with these settings?
Domain matches "domain" value in System: Settings: General?

Actually I tried Domain Override, not Host, and that didn't work. After some reading, it turns out you cannot override your OPNsense domain (added to Settings>General).

Quote: Actually i tried Domain Override
Domain override cannot work as a wildcard host override.
You can try '*' hostname in host override but not for opnsense-domain (System: Settings: General).