ddumont Posted February 1, 2022

I can't seem to get update-ca-certificates to take my CA cert, and when I reboot the folder no longer has it in there.

ddumont Posted February 2, 2022

This is way harder than it needs to be.

- There's no /usr/local/share/ca-certificates directory, which is the default for upgrade-ca-certificates
- Making that dir and placing my ca there
- Running upgrade-ca-certificates causes the certbundle to be deleted (because that's what the script does) and then it fails to construct the new bundle because perl is not on the system
- Download perl, install, re-run upgrade-ca-certificates with --fresh now and I have it installed.

How do I get this to persist now?
Can someone please add perl to the base os so that this stuff works?

ljm42 Posted February 2, 2022

I'm not familiar with upgrade-ca-certificates because Unraid doesn't use that. Just to be sure, are you asking how to install a custom SSL certificate for the Unraid webgui?

First, reboot to undo all of your customizations.
Then see the "Custom certificate" portion of the wiki: https://wiki.unraid.net/Manual/Security#Custom_certificate_-_with_option_to_have_My_Servers_Remote_Access

There is also a section for having Unraid generate a Self-signed certificate if that is what you are looking for.

If you have any questions, be sure to let me know what version of Unraid you are running.

ddumont Posted February 2, 2022

7 hours ago, ljm42 said:
> I'm not familiar with upgrade-ca-certificates because Unraid doesn't use that.

Yes it does, if it relies on openssl root certificates for things like connecting to the unraid app store thing. And downloading images for docker from public repos. update-ca-certificates is used to update the installed root CAs for the slackware install and anything else that uses openssl.

> Just to be sure, are you asking how to install a custom SSL certificate for the Unraid webgui?

No, absolutely not. I know how to do that. I'm running my own local CA for my home network.

- Inside unraid I'm running a container with dnsmasq to serve my domain addresses (on .home)
- I'm running a reverse proxy in a container to handle all ssl traffic to any other docker http endpoint. The reverse proxy is configured with a wildcard cert for my domain.
- I'm running a docker registry (inside docker... woohoo!) to serve my own custom docker images, over https (I would like to password protect this (it already is) but launching new containers from images there requires me to ssh into the unraid host and docker login. I have another forum post about that)

^-- this last one is where I ran into issues, because docker uses the root CAs of openssl to verify ssl connections, and it was not trusting my root CA.

Not having perl installed (which is a dep of the openssl install unraid has, see: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860254 (I know it's debian and not slackware but it still applies)) breaks maintenance functionality of openssl. This would mean that I need to wait for a patch from unRaid guys to get new root certificates when there are new or changed ones (expirations, revocations, etc...)

I know perl is big, but please don't remove it from the unraid images.

Also, please make it easier to customize the root certs in unraid so I don't have to hack the init script to do this process on every boot....

ljm42 Posted February 2, 2022

Keep in mind that Unraid is more of an appliance than a general purpose Linux box. Deep customizations are risky because you're basing them on how things work today and there is no guarantee that things will work that way in the future.

Perl is not included in the base OS but can be installed using the "nerdpack gui" plugin.

The /boot/config/go script runs at boot. Without any knowledge of exactly what you need, in general the way to handle this sort of thing in Unraid is to place your customized files on the flash drive and then modify /boot/config/go to copy the files into the right place in RAM. Depending on exactly when this happens during the boot process you may also need to run an init script to get the system to read the files.

4 hours ago, ddumont said:
> please make it easier to customize the root certs in unraid

If you think other people would want this functionality, please write up a feature request. I'd recommend including technical details to cut down on the amount of research that needs to be done up front. If you are able to get it working on your own, include details on your solution too.

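The approach described in the post above (keep the customized files on the flash drive, have /boot/config/go copy them into RAM, then re-run the bundle rebuild), sketched as an added example that is not part of the thread or of Unraid itself. The flash directory `/boot/config/custom-ca`, the script name `stage-ca.sh` and the `STAGE_CA` switch are assumptions; the destination directory and `update-ca-certificates --fresh` are the ones named earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). SRC is a hypothetical flash directory;
# DST is the directory the thread names as the default for local CA certs.
SRC="${SRC:-/boot/config/custom-ca}"
DST="${DST:-/usr/local/share/ca-certificates}"

# Structural check only: exactly one PEM certificate and no private key.
# It does not validate the certificate cryptographically.
is_pem_cert() {
    [ -f "$1" ] || return 1
    [ "$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1")" -eq 1 ] || return 1
    grep -q -- '-----END CERTIFICATE-----' "$1" || return 1
    ! grep -q -- 'PRIVATE KEY-----' "$1"
}

# Copy every acceptable *.crt from flash into RAM; print how many were staged.
stage_custom_cas() {
    src="$1"; dst="$2"; count=0
    mkdir -p "$dst" || return 1
    for f in "$src"/*.crt; do
        [ -e "$f" ] || continue            # glob matched nothing
        if is_pem_cert "$f"; then
            cp "$f" "$dst/" && chmod 0644 "$dst/$(basename "$f")" \
                && count=$((count + 1))
        else
            echo "skipping $f: not a single PEM certificate" >&2
        fi
    done
    echo "$count"
}

# The thread reports that the rebuild deletes the bundle first and then fails
# without perl, so refuse to start unless perl is present.
rebuild_bundle() {
    command -v perl >/dev/null 2>&1 || { echo "perl not found" >&2; return 2; }
    command -v update-ca-certificates >/dev/null 2>&1 || return 3
    update-ca-certificates --fresh
}

# Hypothetical line for /boot/config/go:
#   STAGE_CA=1 sh /boot/config/custom-ca/stage-ca.sh
if [ "${STAGE_CA:-0}" = 1 ]; then
    stage_custom_cas "$SRC" "$DST" >/dev/null && rebuild_bundle
fi
```
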
ddumont Posted February 2, 2022

Ok will do.

FixYouDeveloper Posted April 3, 2022

Thanks for creating the feature request thread. For those who stumble upon this thread, please continue discussion on the feature request thread instead.