Windows CA signed SSL certificate

[Darren Myers]

Hey everyone,

Was wondering if anyone has been successful in generating, signing and applying an SSL certificate from a Windows Certificate Authority for FreeNAS to utilize as an SSL cert (internal only) , the attached photo is the error I receive when trying to submit the request , it looks like its in reference to a missing attribute.

I followed this guide here and it worked , but the cert is still invalid and presents a red HTTPS status.

 

[dlavigne]

Hey everyone,

Was wondering if anyone has been successful in generating, signing and applying an SSL certificate from a Windows Certificate Authority for FreeNAS to utilize as an SSL cert (internal only)

To clarify, you generated and signed the cert on the Windows side and imported it into FreeNAS? Or you generated a CSR on the FreeNAS side and had the Windows CA sign it?

 

[Darren Myers]

To clarify, you generated and signed the cert on the Windows side and imported it into FreeNAS? Or you generated a CSR on the FreeNAS side and had the Windows CA sign it?

Thanks for the quick reply, I generated the CSR on FreeNAS , attempted to complete the request using Windows 2012 R2 CA , I pasted the CSR into a text editor, saved it, selected it when completing the request and thats when I was presented with the attached error ; I did get it to import following that guide, but it looks like its still missing something.

 

[dlavigne]

Please create a bug report at bugs.freenas.org and post the issue number here. Indicate in the report that the CSR is missing that required field.

 

[Darren Myers]

Please create a bug report at bugs.freenas.org and post the issue number here. Indicate in the report that the CSR is missing that required field.

Thanks for all the help , the bug has been created found here , bug #24289. I hope I put in enough information and made the bug correctly, I have never submitted a bug for something before.

 

[tvsjr]

The CSR doesn't specify the template type that should be used. Check here: https://social.technet.microsoft.co...esnt-match-a-template?forum=winserversecurity

Follow the instructions in the accepted answer, where you sign the cert using certreq.exe at the command line. This will let you specify the template (WebServer is what you want) and should work.

I've encountered this issue several times trying to sign CSRs from *nix boxes under Microsoft's CA.

 

[Darren Myers]

The CSR doesn't specify the template type that should be used. Check here: https://social.technet.microsoft.co...esnt-match-a-template?forum=winserversecurity

Follow the instructions in the accepted answer, where you sign the cert using certreq.exe at the command line. This will let you specify the template (WebServer is what you want) and should work.

I've encountered this issue several times trying to sign CSRs from *nix boxes under Microsoft's CA.

That's literally the exact steps I used and its still invalid to Chrome , the guide I used is http://jermsmit.com/custom-certificate-request-errors-with-0x80094801/ which uses the command : `certreq -submit -attrib “CertificateTemplate:WebServer” <request.req> ` ; the exact command the MS article uses

 

[tvsjr]

Hmm, weird. I'm running a signed cert on mine, although it was done on an earlier version of 9.10, so perhaps something has broken.

 

[danb35]

but the cert is still invalid and presents a red HTTPS status.

Why is the cert invalid? What error does the browser give you. Does a different browser give you the same error?

 

[Damien SIMON]

Hi,
I'm Damien. First, I'm sorry of my English.
My configuration is :
Freenas with active directory domain controller service.
Windows 2019 Standard with NPS service (RADIUS) + Active directory Certificate Services
I created a certificate for NPS + computers, it's OK.
So, I wd like signed a CSR request in my Windows authority and import the certificate to Freenas because my wireless connexion doesn't work.
Can anyone help me?