EDIT: A better title would be "How do I sign a CSR from another system on FreeNAS?", but I can't see how to change thread title.
Hello forum.
I'm running 11.1-U1 and have created a private CA to issue certificates to devices on my home network. Some of those devices can import both a private key and certificate that were generated elsewhere, so for those I just created key and cert within FreeNAS.
I have two systems where I can't do that. They're the iLOs of two HP MicroServers and they won't let you import a private key that was generated elsewhere (which makes sense from a security perspective). You can only have the iLO generate it's own key behind the scenes (which you never get to see), and from that generate a CSR. The CSR is then sent off to a CA to have it signed, then the signed cert can be imported back into the iLO.
I see FreeNAS displays a "Sign CSR" button available when you click on a CA under the System -> CAs tab, which pops up a dialogue where you can select from a dropdown list of CSRs. The problem is, I can't work out how to import the CSRs from the iLOs into FreeNAS so that they appear in this dropdown list for signing.
From reviewing the documentation, it appears that the "Sign CSR" dialogue will only list CSRs that were created locally within FreeNAS under System -> Certificates -> Create Certificate Signing Request. This seems odd, as CSRs are usually generated for signing by a remote CA. It's more likely to need to use the FreeNAS local CA to sign a CSR from another system.
There also seems little point in generating a CSR locally only to have it also signed by the local CA as two steps, when you can just issue a signed certificate in one step.
Can anyone advise?
Thanks.
JM
Hello forum.
I'm running 11.1-U1 and have created a private CA to issue certificates to devices on my home network. Some of those devices can import both a private key and certificate that were generated elsewhere, so for those I just created key and cert within FreeNAS.
I have two systems where I can't do that. They're the iLOs of two HP MicroServers and they won't let you import a private key that was generated elsewhere (which makes sense from a security perspective). You can only have the iLO generate it's own key behind the scenes (which you never get to see), and from that generate a CSR. The CSR is then sent off to a CA to have it signed, then the signed cert can be imported back into the iLO.
I see FreeNAS displays a "Sign CSR" button available when you click on a CA under the System -> CAs tab, which pops up a dialogue where you can select from a dropdown list of CSRs. The problem is, I can't work out how to import the CSRs from the iLOs into FreeNAS so that they appear in this dropdown list for signing.
From reviewing the documentation, it appears that the "Sign CSR" dialogue will only list CSRs that were created locally within FreeNAS under System -> Certificates -> Create Certificate Signing Request. This seems odd, as CSRs are usually generated for signing by a remote CA. It's more likely to need to use the FreeNAS local CA to sign a CSR from another system.
There also seems little point in generating a CSR locally only to have it also signed by the local CA as two steps, when you can just issue a signed certificate in one step.
Can anyone advise?
Thanks.
JM
Last edited:
