TLDR: Adding a third party certificate generates an error or crashes the Webgui or is not able to be imported. Last time a cert was installed was 2 years ago.
When replacing an expired third party certificate that is used for Webgui https access, generating a CSR that is then passed to the third party CA (Digicert in this instance) results in the issuance of a new certificate. The contents of the certificate are then pasted into the certificate data box when returning to OPNsense to complete the process by 'signing' the original request. Assigning the certificate then crashes the webgui.
To Reproduce
Steps to reproduce the behavior:
1. Go to System>Trust>Certificates
2. Click on +
3. Enter details of certificate - fqdn as common name, RSA2048, SHA256
4. Save
5. Edit the request, observe the CSR text
6. Send CSR to Digicert, Obtain issued Cert
7. Edit the request from the list
8. Find the output (PEM)>Certificate Data box
9. Paste cert text into the box, hit Save
10. Observe error: missing CA key
Alternative: Manually add the cert details, minus the private key (as you do not have one from a third party). Assigning this cert to the webgui then crashes the gui and you cannot access it unless you restart the webgui and reset it from the shell.
Expected behavior
Certificate is imported without error and is assigned without causing a crash.
Software version used and hardware type if relevant, e.g.:
Versions
OPNsense 24.7.3_1-amd64
FreeBSD 14.1-RELEASE-p3
OpenSSL 3.0.14
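A check that can be run outside the GUI before pasting an issued certificate back into a pending request: confirm that the certificate carries the same public key as the CSR. This is an added example, not part of the report and not OPNsense code; the file names, the test CA and the host name `fw.example.test` are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: compare the public key in an issued certificate with the
# public key in the CSR it was supposedly issued for.

pubkey_digest() {
    # $1 = "x509" or "req", $2 = PEM file. Prints SHA-256 of the DER public key.
    pem=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" |
        openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

cert_matches_csr() {
    # $1 = issued certificate (PEM), $2 = CSR (PEM)
    # Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
    c=$(pubkey_digest x509 "$1") || return 2
    r=$(pubkey_digest req "$2") || return 2
    [ "$c" = "$r" ]
}

make_constructed_samples() {
    # $1 = empty working directory. Everything written here is throwaway
    # test data: a constructed CA standing in for the third-party CA, plus
    # an RSA 2048 / SHA-256 request as in the reproduction steps.
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=fw.example.test" \
        -keyout "$d/fw.key" -out "$d/fw.csr" 2>/dev/null
    openssl x509 -req -in "$d/fw.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -sha256 -days 1 -out "$d/fw.pem" 2>/dev/null
}

# Usage: sh check.sh issued-cert.pem request.csr
if [ "$#" -eq 2 ]; then
    if cert_matches_csr "$1" "$2"; then
        echo "match: certificate was issued for this CSR's key"
    else
        echo "no match (or unreadable input): do not import against this request"
    fi
fi
```

A match rules out a certificate issued for a different request, which narrows a failed import to the import path itself.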