Using FreeNAS as local network CA

[ginnun]

Hello,

I am trying to use FreeNAS as CA for my local network to have a proper HTTPS support for local web services.

I firsly created an internal CA like this:

I exported the CA certificate and add it to Firefox CAs.

Then a certificate for the FreeNAS web interface:

I selected it in FreeNAS "System/General/Certifcate".


Now when I use Firefox to go to "https://freenas.local" or "https://192.168.0.100" I get the following error:

SSL_ERROR_BAD_CERT_DOMAIN

freenas.local use an invalid certificate.
The certificat is valid only for freenas.local 192.168.0.100.


The CA seem to be recognized correctly, but not the certificate domain.
What is wrong ?

I kown a can "add an exception", but I prefer try to have it work properly.

Thanks.

 

[sretalla]

For the SAN, don't you need to separate with commas?

Like this:
freenas.local,192.168.0.100

 

[ginnun]

The help say to separate with spaces. I tried with commas, but I get an error when trying to create the certificate.

I also previouslly tried to only use one SAN at time (freenas.local or 192.168.0.100). But without more success.

 

[sretalla]

It certainly looks from the error message that the two entries are being read as one.

If the advice is to use spaces, then that's fine, but you may need to log a bug report on redmine as it seems not to work as designed.

 

[dlavigne]

Yes, please create a report at bugs.freenas.org and post the issue number here.

 

[ginnun]

I think you're right.

If I set :

• CN = "freenas.local" and SAN = "freenas.local 192.168.0.100 " => Don't work
  
• CN = "freenas.local" and SAN = "192.168.0.100 " => Don't work
• CN = "freenas.local" and SAN = "freenas.local " => Work

I will report this issue. Done: https://redmine.ixsystems.com/issues/54600
Thanks.

 

[sonicaj]

An update for anyone who comes to this thread - this issue is fixed in 11.2-RC1