vikingred
Cadet
- Joined
- Dec 14, 2020
- Messages
- 2
I know this topic has been posted a number of times, I apologize in advance, but I just can't seem to fix it. I love TrueNAS, and have had it for some time now, but use it in a very simple and limited way - just as a large local SMB share on my network (no open ports to the internet). In fact, I turn it of sometimes for weeks when I'm not using it. I'm sorry to be a bother but I'm really needing help here. It would be greatly appreciated (please take it easy on me, my memory and focus are really bad and this is embarassing. I am struggling with a chronic illness that makes it difficult to concentrate). I don't want to lose all of my data and I'm worried. Here is some information on my installation. It is connected via ethernet to my router and has a static IP address on my network:
(I had this set up before TrueNAS core came out, and updated to core along the way).
Platform: Generic
Version: TrueNAS-13.0-U4
HostName: nas0.localnet
This morning when I turned the machine on after some time of having it off, I received this message when I booted it up:
This is the certificate:
"/C=US/O=iXsystems/CN=localhost/emailAddress=info@ixsystems.com/ST=Tennessee/L=Maryville/subjectAltName=DNS:localhost".
I can't seem to just "update it" as I believe it was system generated.
I have searched google, and see it's happened to a number of people (and I realize it's something that I should know and be familiar with but I'm just not). I'm very unfamiliar with how to keep up with CAs and Certificates. I couldn't find an easy answer and nothing I have tried has worked. I have read the documentation page here: https://www.truenas.com/docs/core/c...atingcasandcertificates/creatingcertificates/ about creating CAs and certificates.
But, I am unable to determine which is the most simple right way to do it just for only the system certificate.
I have understood that it will be necessary to create a CA first but even that has so many options I just can't figure out the exact necessities of options for a system default certificate only.
I have watched several Youtube videos, but it seems they are making CAs and certificates for a different purposes.
I tried asking ChatGPT for the answer and it reponded:
Open a terminal window and run the following command to generate a new SSL/TLS certificate:
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /usr/local/etc/ssl/private/freenas.key -out /usr/local/etc/ssl/certs/freenas.crt
This command generates a new self-signed SSL/TLS certificate that is valid for 10 years (3650 days).
That did not work for me and gave errors. So much for AI. I am worried if I keep messing with it, it will break something and lose my data. I can no longer access the data from my the mapped drive letter I use on my main computer. I do have a system config backup in case something happens.
It's not clear which options to use if I only want to replace/renew/update my system-generated freenas_default certificate. There are so many settings and choices and I have not been able to find a simple walkthrough for just fixing this one issue. I don't need a https certificate since I'm only using it on my local network and it's a closed network. Again, I apologize, I am in over my head on this stuff, but I love the reliability of my DIY TrueNAS machine.
I am looking for the simplest possible fix. Would it work to just update the installation to TrueNAS SCALE? If so, should I use Angelfish or Bluefin?
If that's not the way to go, would someone mind walking me through step by step on how to fix it. or do a video on it?
Again, I'm dealing with chronic illness that impairs my ability to focus and concentrate, and this issue seems to be out of my league. I feel bad for asking and taking up your time, but I have no where else to turn with it.
Thank you, I hope I have provided everything. I have two "users", admin and root. I am sure I'm violating best practices, and I'm sure it's a facepalm but any help would be sincerely appreciated.
(I had this set up before TrueNAS core came out, and updated to core along the way).
Platform: Generic
Version: TrueNAS-13.0-U4
HostName: nas0.localnet
This morning when I turned the machine on after some time of having it off, I received this message when I booted it up:
Certificate 'freenas_default' has expired.
2023-05-03 09:35:21 (America/Chicago)This is the certificate:
"/C=US/O=iXsystems/CN=localhost/emailAddress=info@ixsystems.com/ST=Tennessee/L=Maryville/subjectAltName=DNS:localhost".
I can't seem to just "update it" as I believe it was system generated.
I have searched google, and see it's happened to a number of people (and I realize it's something that I should know and be familiar with but I'm just not). I'm very unfamiliar with how to keep up with CAs and Certificates. I couldn't find an easy answer and nothing I have tried has worked. I have read the documentation page here: https://www.truenas.com/docs/core/c...atingcasandcertificates/creatingcertificates/ about creating CAs and certificates.
But, I am unable to determine which is the most simple right way to do it just for only the system certificate.
I have understood that it will be necessary to create a CA first but even that has so many options I just can't figure out the exact necessities of options for a system default certificate only.
I have watched several Youtube videos, but it seems they are making CAs and certificates for a different purposes.
I tried asking ChatGPT for the answer and it reponded:
Open a terminal window and run the following command to generate a new SSL/TLS certificate:
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /usr/local/etc/ssl/private/freenas.key -out /usr/local/etc/ssl/certs/freenas.crt
This command generates a new self-signed SSL/TLS certificate that is valid for 10 years (3650 days).
That did not work for me and gave errors. So much for AI. I am worried if I keep messing with it, it will break something and lose my data. I can no longer access the data from my the mapped drive letter I use on my main computer. I do have a system config backup in case something happens.
It's not clear which options to use if I only want to replace/renew/update my system-generated freenas_default certificate. There are so many settings and choices and I have not been able to find a simple walkthrough for just fixing this one issue. I don't need a https certificate since I'm only using it on my local network and it's a closed network. Again, I apologize, I am in over my head on this stuff, but I love the reliability of my DIY TrueNAS machine.
I am looking for the simplest possible fix. Would it work to just update the installation to TrueNAS SCALE? If so, should I use Angelfish or Bluefin?
If that's not the way to go, would someone mind walking me through step by step on how to fix it. or do a video on it?
Again, I'm dealing with chronic illness that impairs my ability to focus and concentrate, and this issue seems to be out of my league. I feel bad for asking and taking up your time, but I have no where else to turn with it.
Thank you, I hope I have provided everything. I have two "users", admin and root. I am sure I'm violating best practices, and I'm sure it's a facepalm but any help would be sincerely appreciated.