How to create certificates with invalid URIs

Started by Barry2023, September 28, 2023, 07:21:50 PM

OPNSense 23.7.5.

I am trying to create an internal certificate or CSR signed by the OPNSense PKI, but the GUI fails with "URI subjectAltName types must be a valid URI". I want to create a service certificate with the following SubjectAltNames:

URL=urn:myhost.mydomain.com:UA:Advosol:uaPLUS
DNS=myhost.mydomain.com

I have several commercial software packages that generate self-signed service certificates in this format for the OPC-UA industrial protocol, so it appears to be a valid format (or was valid at one time). The industrial controllers expect the service URI in a very specific format.

OpenSSL3 accepts this as a valid URI, so it appears the OPNSense GUI is applying its own checks. 

Does anyone know of a way to force the OPNSense Trust GUI to accept "invalid" URIs (i.e. special escape chars or formatting)?
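
The post notes that OpenSSL accepts the `urn:` value as a URI subjectAltName. As an added example (not part of the original post), this builds a key and CSR carrying both SAN entries with the OpenSSL CLI and reads them back to confirm the URI survived unchanged. The file names, the RSA-2048 key and the function names are assumptions, and `-addext` needs OpenSSL 1.1.1 or later.

```bash
#!/usr/bin/env bash
# Added example: create a service key + CSR outside the GUI and check its SANs.
# service.key / service.csr, RSA-2048 and the function names are assumptions.

# make_csr HOST APPLICATION_URI OUTDIR
# Writes OUTDIR/service.key (unencrypted) and OUTDIR/service.csr.
make_csr() {
    local host="$1" app_uri="$2" outdir="$3"
    (
        umask 077   # private key readable by the owner only
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$outdir/service.key" \
            -out "$outdir/service.csr" \
            -subj "/CN=$host" \
            -addext "subjectAltName=URI:$app_uri,DNS:$host" 2>/dev/null
    )
}

# csr_sans CSR_FILE
# Prints the subjectAltName line exactly as OpenSSL decodes it from the CSR.
csr_sans() {
    openssl req -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' |
        tail -n 1 |
        sed 's/^[[:space:]]*//'
}

# Demo with the values from the post, written to a throwaway directory.
workdir=$(mktemp -d)
if make_csr myhost.mydomain.com \
        'urn:myhost.mydomain.com:UA:Advosol:uaPLUS' "$workdir"; then
    csr_sans "$workdir/service.csr"
fi
rm -rf "$workdir"
```

Whichever CA signs the request has to copy the requested extensions into the issued certificate, so check the SAN on the certificate as well as on the CSR.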