duplicati / duplicati

Store securely encrypted backups in the cloud!

Kestrel support for EC private keys for HTTPS #5400

Open mnaiman opened 1 month ago

mnaiman commented 1 month ago

Environment info

Description

.NET8 version has some trouble with X509Certificate2. It works great with RSA keys. But when EC keys are used and loaded, the HasPrivateKey property is true, but the private key cannot be loaded from the certificate and has to be extracted using the ECDsa class. But Kestrel is missing support to load the certificate, because it supports loading from drive from PEM, from P12, or using the X509Certificate2 class.

I will prepare a commit to change the behavior to what we agree:

1) The P12 file has to be saved, e.g. in the data folder as server.pfx, and encrypted with a password. Then Kestrel will be instructed like this: listenOptions.UseHttps("data\server.pfx", "super-secure-password-because-of-private-key");
2) An option in WebUI Settings to upload a P12 file and set a password, which will be saved to "data\server.pfx" and used during startup. Optionally, the P12 can be stored in the DB and saved to the file system during startup of the Duplicati process.

I can prepare option 1 if someone will prepare the option 2 WebUI functionality.

Then I can test on Win/Linux environment.

Steps to reproduce

  1. Run Duplicati.Server with --webservice-sslcertificatefile= containing EC private key.

kenkendk commented 1 month ago

Sounds good. So far we have not had the option to upload the certificate in the API, so I would make that a separate issue.

mnaiman commented 1 month ago

Fix - https://github.com/duplicati/duplicati/pull/5413 ready for API and GUI that will have a checkbox "Enable HTTPS" and an upload field that will save the certificate to DB (as base64) and for the certificate password. When saving, it would be great to exit Duplicati for the change to be reloaded (in containers or service). If not, at least some button to perform exit in Duplicati to reload.
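
Option 1 from the issue description, as an added sketch that is not code from Duplicati or from PR #5413: a password-protected server.pfx holding an EC key is checked and then handed to Kestrel by path. It assumes an ASP.NET Core (.NET 8) project with implicit usings; the environment variable name, port 8443 and the self-signed test certificate are hypothetical stand-ins.

```csharp
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Assumption: the password comes from the environment, not from source code.
// DUPLICATI_PFX_PASSWORD is a hypothetical name, not a Duplicati setting.
var password = Environment.GetEnvironmentVariable("DUPLICATI_PFX_PASSWORD")
    ?? throw new InvalidOperationException("Set DUPLICATI_PFX_PASSWORD first.");
var pfxPath = Path.GetFullPath(Path.Combine("data", "server.pfx"));

if (!File.Exists(pfxPath))
{
    // Constructed sample input: a self-signed P-256 certificate standing in
    // for the operator's real certificate and EC private key.
    using var key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
    var request = new CertificateRequest("CN=localhost", key, HashAlgorithmName.SHA256);
    using var cert = request.CreateSelfSigned(
        DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(30));

    Directory.CreateDirectory(Path.GetDirectoryName(pfxPath)!);
    // The PKCS#12 container carries the private key, encrypted with the password.
    File.WriteAllBytes(pfxPath, cert.Export(X509ContentType.Pfx, password));
    if (!OperatingSystem.IsWindows())
        File.SetUnixFileMode(pfxPath, UnixFileMode.UserRead | UnixFileMode.UserWrite);
}

// Fail fast if the file cannot be decrypted or carries no usable EC key,
// rather than trusting HasPrivateKey alone.
using (var check = new X509Certificate2(pfxPath, password))
using (var ecKey = check.GetECDsaPrivateKey())
{
    if (ecKey is null)
        throw new CryptographicException("server.pfx has no EC private key.");
    Console.WriteLine($"Loaded {check.Subject}, EC key size {ecKey.KeySize} bits");
}

var builder = WebApplication.CreateBuilder(args);
// Kestrel loads the PKCS#12 file itself, as in option 1 of the issue.
builder.WebHost.ConfigureKestrel(kestrel =>
    kestrel.ListenLocalhost(8443, listenOptions => listenOptions.UseHttps(pfxPath, password)));

var app = builder.Build();
app.MapGet("/", () => "served over TLS with an EC key");
app.Run();
```

Because the PFX password protects the private key at rest, it belongs in a secret store or service environment with the same access restrictions as the file itself.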