-
Posts
7 -
Joined
-
Last visited
Content Type
Profiles
Forums
Downloads
Store
Gallery
Bug Reports
Documentation
Landing
Report Comments posted by AeonLucid
-
-
Updating to 6.10.0-rc2 from 6.9.2 broke my SSL and SSH setup.
My self signed certificate (for local SSL access) was overwritten by the new automatically generated certificate and I am now forced to use the hostname + (optional) local TLD while I wish to use IP address access. I am not turning off SSL so I can access my server with an IP address. At my first attempt to replace /boot/config/ssl/certs/Hostname_unraid_bundle.pem with my own bundle (signed by my own root CA so it is trusted) failed and it got overwritten again. Can I please just use my own stuff?
Regarding SSH, prior to updating I did migrate to the new way of providing authorized_keys. The file /boot/config/ssh/root/authorized_keys does contain my public keys and I confirmed ~/.ssh/authorized_keys does aswell. However when I try to connect as before I get "Server refused our key".
Edit: Using this comment by @maxstevens2 I created and put the following into my /boot/config/go file to disable the SSL certificate bundle overwrite and I also added something to get IP address access with SSL back. If you copy this, don't forget to replace the IP with yours.
# Patch certificate bundle overwrite. sed -i 's/\[\[ \$SUBJECT != \$LANFQDN ]]/# Patched out by go script/g' /etc/rc.d/rc.nginx # Patch hostname redirect. sed -i 's/server_name \$LANFQDN;/server_name \$LANFQDN 192.168.1.2;/g' /etc/rc.d/rc.nginx
Edit 2: Updating my SSH client fixed the SSH issues.
Unraid OS version 6.10.0-rc2 available
-
-
-
-
-
in Prereleases
Posted
I understand, but I can easily comment them out, reboot and go back to stock. There is no intent to expose this to the internet or use the unraid remote access solution. I just want to use SSL with a local IP address, which is properly supported by SSL certificates.
Yes I know that, which is why I am forcing the nginx configuration to use the IP address as server_name that I have configured inside my SNI certificate.
authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment subjectAltName = @alt_names [alt_names] IP.1 = 192.168.1.2
There is no option to "provide your own self-signed" certificate. Which is why I had to patch the nginx script.
It does, now.
I want to use a local IP Address.