Error while importing Certificate

ZoomImpulse

Hi all,

While importing my wildcard certificate I get the following error:

Code:
Error: Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/middlewared/job.py", line 349, in run
    await self.future
  File "/usr/local/lib/python3.7/site-packages/middlewared/job.py", line 386, in __run_body
    rv = await self.method(*([self] + args))
  File "/usr/local/lib/python3.7/site-packages/middlewared/schema.py", line 961, in nf
    return await f(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/middlewared/plugins/crypto.py", line 1258, in do_create
    raise verrors
middlewared.service_exception.ValidationErrors: [EINVAL] certificate_create.privatekey: A valid private key is required, with a passphrase if one has been set.


I already successfully imported the cert on a different machine and used the same private key as well as the same cert. I am 100% sure I typed in the correct passphrase.
The private key is >1024 bits.
Any other reason why this could happen?
 

Samuel Tai

In lines 1252-1255 of /usr/local/lib/python3.7/site-packages/middlewared/plugins/crypto.py, the certificate importer checks if the CN in the certificate matches the FQDN of the system. This is a simple-minded string match, and the wildcard doesn't match the FQDN. You'll have to use a non-wildcard certificate, sorry.
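
The difference the reply above describes, between an exact string comparison and wildcard-aware hostname matching, shown as an added example; it is not the middleware's code and not part of the original post. The function names and hostnames are constructed, and the wildcard rule used is the common one (the wildcard is the whole left-most label and covers exactly one label).

```python
# Added illustration: exact name comparison vs. wildcard-aware matching.
# Function names and sample hostnames are constructed for this example.

def exact_match(cert_name: str, fqdn: str) -> bool:
    """Plain string comparison: a wildcard name never equals a real FQDN."""
    return cert_name.strip().lower() == fqdn.strip().lower()


def wildcard_match(cert_name: str, fqdn: str) -> bool:
    """Match a certificate name against an FQDN, allowing a wildcard that is
    the entire left-most label ("*.example.com") and covers exactly one label.
    """
    pattern = cert_name.strip().lower().rstrip(".").split(".")
    host = fqdn.strip().lower().rstrip(".").split(".")
    if "" in pattern or "" in host:
        return False                      # empty label: malformed name
    if pattern[0] != "*":
        # No wildcard label: exact comparison; partial wildcards such as
        # "f*.example.com" are rejected outright.
        return "*" not in cert_name and pattern == host
    if any("*" in label for label in pattern[1:]):
        return False                      # wildcard allowed only left-most
    if len(pattern) < 3:
        return False                      # refuse "*.com" or a bare "*"
    # The wildcard stands for exactly one label, so label counts must agree.
    return len(pattern) == len(host) and pattern[1:] == host[1:]


SAMPLES = [  # (certificate name, system FQDN), constructed values
    ("nas.example.com", "nas.example.com"),
    ("*.example.com", "nas.example.com"),
    ("*.example.com", "example.com"),
    ("*.example.com", "a.nas.example.com"),
    ("*.com", "example.com"),
]


def compare(samples=SAMPLES):
    """Return (cert_name, fqdn, exact_result, wildcard_result) per sample."""
    return [(c, h, exact_match(c, h), wildcard_match(c, h)) for c, h in samples]


if __name__ == "__main__":
    for cert_name, fqdn, exact, wild in compare():
        print(f"{cert_name:18} {fqdn:20} exact={exact!s:5} wildcard={wild}")
```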
 

Krebsy

Jumping into an old thread:

I'm having problems trying to import certificates for OpenVPN from my VPN provider (Windscribe) and am getting this sort of error.

Not clear on the whole wildcard/not-wildcard certificate thing, can someone please advise on some easy walkthrough steps for all of this?

The certificate signing is all done locally on the server (I think) and whilst the Certs I import look valid (from online checks), the keys do not.

Ta,

K.
 