Nick2253
Wizard
- Joined
- Apr 21, 2014
- Messages
- 1,633
I'm pretty sure this is a bug, but I want to make sure I'm not missing anything before I submit.
Some background: I'm trying to get a StartSSL certificate to work on my FreeNAS box.
When I import the certificate in the FreeNAS gui, I've concatenated the server certificate and the intermediate certificate. This shows correctly when I selected the certificate and click "View".
However, when I go to the website, the browser is unable to authenticate, because the intermediate certificate is missing. When I check in /etc/certificates, the appropriate certificate file only lists the server certificate, and not the intermediate certificate.
When I manually add the intermediate certificate to the appropriate .crt in /etc/certificates and restart nginx, it works properly.
Did I do something wrong, or is this a bug?
EDIT: After further research, I realized that I can add the intermediate certificates as a CA, even if I don't have the key. I'm assuming that this is the intended way. However, to be honest, the documentation isn't super clear on this point. Furthermore, it's a bit deceitful since FreeNAS shows the intermediate certificate with the server certificate, even though it doesn't even write it to the /etc/certificates folder.
The reason I figured this out is because pfSense (also getting a new SSL cert) requires the intermediate certificate to be installed like this: when I tried to import the concatanated bundle, it informed me that it was only looking at the first certificate, which was my clue that the intermediate cert had to go somewhere else.
Some background: I'm trying to get a StartSSL certificate to work on my FreeNAS box.
When I import the certificate in the FreeNAS gui, I've concatenated the server certificate and the intermediate certificate. This shows correctly when I selected the certificate and click "View".
However, when I go to the website, the browser is unable to authenticate, because the intermediate certificate is missing. When I check in /etc/certificates, the appropriate certificate file only lists the server certificate, and not the intermediate certificate.
When I manually add the intermediate certificate to the appropriate .crt in /etc/certificates and restart nginx, it works properly.
Did I do something wrong, or is this a bug?
EDIT: After further research, I realized that I can add the intermediate certificates as a CA, even if I don't have the key. I'm assuming that this is the intended way. However, to be honest, the documentation isn't super clear on this point. Furthermore, it's a bit deceitful since FreeNAS shows the intermediate certificate with the server certificate, even though it doesn't even write it to the /etc/certificates folder.
The reason I figured this out is because pfSense (also getting a new SSL cert) requires the intermediate certificate to be installed like this: when I tried to import the concatanated bundle, it informed me that it was only looking at the first certificate, which was my clue that the intermediate cert had to go somewhere else.
Last edited:
