So I'm trying to set up HTTPS on my 9.10 FreeNAS box. I have an MS AD integrated CA with an offline root and an online issuing CA that I am using to issue a certificate. I loaded the Certificates section and generated a CSR. I used the text of the CSR to request a new certificate from the CA, utilizing a "general web server" template I already have configured. I went and approved that certificate request on the issuing CA, and then downloaded the certificate chain file (p7b) from the issuing CA. Next, I opened the p7b file in Windows cert manager, and exported out the individual certs for the CA, Intermediate/Issuing, and the FreeNAS certificate into Base 64 encoded .cer files.
Next, I opened up the FreeNAS certificate and copied/pasted the contents of the issued certificate (just the one cert, not the Issuing or CA cert) into the waiting "Certificate" spot in the CSR in the web GUI and saved it. It is now listed as a proper certificate in the Certificates section, with the Issuer type "external" and all the correct identifying information. If I view it, I can see the private key section filled out and the Certificate section filled out. However, when I move to the "General" page and drop down the Certificates menu, it is not in the list. If I try to enable "HTTP + HTTPS" it complains that I have not selected a certificate. I can't, because despite it being listed in the "Certificates" section, it is not in the drop down on the general page.
Things I have tried/verified:
1. I restarted nginx and django with "service restart nginx" and "service restart django" from the shell
2. I rebooted the whole FreeNAS system, just because
3. I verified that my certificate, key and CSR are all in /etc/certificates with the name (I chose WebHTTPS for an identifer/name, so they are named "WebHTTPS.crt", "WebHTTPS.key" and "WebHTTPS.csr".
4. I used open SSL to verify the MD5 of the .crt against the .key, they are the same.
5. I tried creating a chain, by pasting first the host's Base 64 certificate text, then the Intermediate/Issuing base64 certificate text, then the Root CA base64 certificate text in when populating the "Certificate" section. This creates a certificate just fine, but still does not make it appear in the dropdown list to select for HTTPS (or HTTP + HTTPS) in the General tab.
What am I missing here? I'm certainly open to the idea that my certificate template is not generating a cert that FreeNAS likes, but how can I tell? Are there other steps I'm not aware of to get the certificate to show up in the drop down? Help!
Next, I opened up the FreeNAS certificate and copied/pasted the contents of the issued certificate (just the one cert, not the Issuing or CA cert) into the waiting "Certificate" spot in the CSR in the web GUI and saved it. It is now listed as a proper certificate in the Certificates section, with the Issuer type "external" and all the correct identifying information. If I view it, I can see the private key section filled out and the Certificate section filled out. However, when I move to the "General" page and drop down the Certificates menu, it is not in the list. If I try to enable "HTTP + HTTPS" it complains that I have not selected a certificate. I can't, because despite it being listed in the "Certificates" section, it is not in the drop down on the general page.
Things I have tried/verified:
1. I restarted nginx and django with "service restart nginx" and "service restart django" from the shell
2. I rebooted the whole FreeNAS system, just because
3. I verified that my certificate, key and CSR are all in /etc/certificates with the name (I chose WebHTTPS for an identifer/name, so they are named "WebHTTPS.crt", "WebHTTPS.key" and "WebHTTPS.csr".
4. I used open SSL to verify the MD5 of the .crt against the .key, they are the same.
5. I tried creating a chain, by pasting first the host's Base 64 certificate text, then the Intermediate/Issuing base64 certificate text, then the Root CA base64 certificate text in when populating the "Certificate" section. This creates a certificate just fine, but still does not make it appear in the dropdown list to select for HTTPS (or HTTP + HTTPS) in the General tab.
What am I missing here? I'm certainly open to the idea that my certificate template is not generating a cert that FreeNAS likes, but how can I tell? Are there other steps I'm not aware of to get the certificate to show up in the drop down? Help!