Joedy Posted May 23, 2022 (edited)

I had my own custom wildcard SSL certificate. After upgrading to 6.10.1 it now does not give me the option and has an Unraid wildcard instead. How do I get it to use mine again?

Edited May 24, 2022 by Joedy

ljm42 Posted May 23, 2022

13 hours ago, Joedy said:
> I had my own custom wildcard SSL certificate. After upgrading to 6.10.1 it now does not give me the option and has an Unraid wildcard instead. How do I get it to use mine again?

It looks like you Provisioned a myunraid.net cert. That is fine, in 6.10 you can use your own custom cert as well. The Settings -> Management Access page does not show details about personal certs but they do work fine. You have to make sure to set the Server Name and Local TLD of the server to match the Subject of the certificate. Wildcards are supported too.

Full instructions are in the manual: https://wiki.unraid.net/Manual/Security#Securing_webGui_connections_.28SSL.29
Start with the "a few details before we begin" section and then scroll down to "Custom Certificates".

If you have any questions, tell me the url that you want to use to access the server and I will tell you how to set the server name, Local TLD, and certificate.

Joedy Posted May 23, 2022

5 hours ago, ljm42 said:
> It looks like you Provisioned a myunraid.net cert. That is fine, in 6.10 you can use your own custom cert as well. The Settings -> Management Access page does not show details about personal certs but they do work fine. You have to make sure to set the Server Name and Local TLD of the server to match the Subject of the certificate. Wildcards are supported too.
>
> Full instructions are in the manual: https://wiki.unraid.net/Manual/Security#Securing_webGui_connections_.28SSL.29
> Start with the "a few details before we begin" section and then scroll down to "Custom Certificates".
>
> If you have any questions, tell me the url that you want to use to access the server and I will tell you how to set the server name, Local TLD, and certificate.

OK thanks, will give it a try. So it is not TLD anymore, it is the machine's full domain name.

Joedy Posted May 23, 2022 (edited)

On 5/24/2022 at 2:08 AM, ljm42 said:
> It looks like you Provisioned a myunraid.net cert. That is fine, in 6.10 you can use your own custom cert as well. The Settings -> Management Access page does not show details about personal certs but they do work fine. You have to make sure to set the Server Name and Local TLD of the server to match the Subject of the certificate. Wildcards are supported too.
>
> Full instructions are in the manual: https://wiki.unraid.net/Manual/Security#Securing_webGui_connections_.28SSL.29
> Start with the "a few details before we begin" section and then scroll down to "Custom Certificates".
>
> If you have any questions, tell me the url that you want to use to access the server and I will tell you how to set the server name, Local TLD, and certificate.

"Sorry about the double up of screen shots but when I paste into the forum it puts double in for some reason."

I tried to do it both ways with the wildcard cert I have but it won't pick up the local certificate, and if I don't provision the Unraid cert I can't use the My Servers.

Edited May 24, 2022 by Joedy

ljm42 Posted May 23, 2022

You showed a screenshot of your browser where it showed you the certificate information. Click the Details tab and find the "Subject" field. What url is listed there in the "Subject" field? A screenshot of this would be great.

What url do you want to use to access the server?

Joedy Posted May 23, 2022 (edited)

3 hours ago, ljm42 said:
> You showed a screenshot of your browser where it showed you the certificate information. Click the Details tab and find the "Subject" field. What url is listed there in the "Subject" field? A screenshot of this would be great.
>
> And what url do you want to use to access the server?

The url to access the server is https://backup.horts.com.au

The cert screenshots are just the Unraid cert, not my actual certificate.

Edited May 24, 2022 by Joedy: remove one attachment

Joedy Posted May 23, 2022 (edited)

3 hours ago, ljm42 said:
> You showed a screenshot of your browser where it showed you the certificate information. Click the Details tab and find the "Subject" field. What url is listed there in the "Subject" field? A screenshot of this would be great.
>
> What url do you want to use to access the server?

This is the cert it should be using, was using before the upgrade.

Multi domain wildcard Certificate

Edited May 24, 2022 by trurl: delete duplicate screenshot

ljm42 Posted May 24, 2022 (Solution)

2 hours ago, Joedy said:
> The url to access the server is https://backup.horts.com.au

To use this url: https://backup.horts.com.au
Your Server name (on Settings -> Identification) should be "backup"
Your Local TLD (on Settings -> Management Access) should be "horts.com.au"

When you change "Use SSL/TLS" to Yes, Unraid will automatically make a self-signed certificate with the "Subject" of "backup.horts.com.au" and place it on the flash drive here:
config/ssl/certs/backup_unraid_bundle.pem

2 hours ago, Joedy said:
> This is the cert it should be using, was using before the upgrade.
> Multi domain wildcard Certificate

The screenshot you provided of your custom certificate uses the "Subject Alternative Name" field, which Unraid ignores. It sort of worked in 6.9.2, but only by accident. It will not work in Unraid 6.10.

If you want to provide your own certificate, you need to make sure the "Subject" of the certificate is either "backup.horts.com.au" or "*.horts.com.au". Then overwrite the certificate that Unraid created on your flash drive:
config/ssl/certs/backup_unraid_bundle.pem

You can then change "Use SSL/TLS" back to No and then to Yes again to get it to see the cert. Or you can open a web terminal and run:
/etc/rc.d/rc.nginx reload

Note that if the "Subject" of the cert is not correct, the certificate will be deleted and replaced with a self-signed cert that has the correct Subject.

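Added example (not from the thread and not Unraid's code): a pre-flight check for the matching rule in the reply above. It tells a certificate whose Subject covers "<Server name>.<Local TLD>" apart from one that only matches through a Subject Alternative Name, the case the reply says 6.10.1 ignores. The function names and the SAN list in the constructed cases are assumptions; the thread only states the Subject "horts.com.au".

```sh
#!/bin/sh
# Added example, not Unraid code. Checks whether a certificate's names cover
# <Server name>.<Local TLD> before the bundle on the flash drive is overwritten.

# name_matches PATTERN HOST: exact match, or "*.domain" covering exactly one label.
name_matches() {
    nm_pat=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    nm_host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$nm_pat" in
        \*.*)
            nm_suffix=${nm_pat#\*}              # "*.horts.com.au" -> ".horts.com.au"
            nm_label=${nm_host%"$nm_suffix"}    # what the "*" would have to stand for
            [ "$nm_label" != "$nm_host" ] || return 1   # host does not end in the suffix
            [ -n "$nm_label" ] || return 1
            case "$nm_label" in *.*) return 1 ;; esac   # "*" never spans two labels
            return 0 ;;
        *)  [ "$nm_pat" = "$nm_host" ] ;;
    esac
}

# cert_verdict HOST SUBJECT_CN [SAN...]: prints subject, san-only or mismatch.
cert_verdict() {
    cv_host=$1; cv_cn=$2; shift 2
    if name_matches "$cv_cn" "$cv_host"; then echo subject; return 0; fi
    for cv_san in "$@"; do
        if name_matches "$cv_san" "$cv_host"; then echo san-only; return 0; fi
    done
    echo mismatch; return 1
}

# cert_names FILE: Subject CN, then each DNS SAN, one per line (needs openssl 1.1.1+).
cert_names() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Constructed cases modelled on the thread; the SAN list is an assumption.
cert_verdict backup.horts.com.au '*.horts.com.au' || true
cert_verdict backup.horts.com.au horts.com.au horts.com.au '*.horts.com.au' || true
cert_verdict backup.horts.com.au horts.com.au horts.com.au || true
```

To check a real bundle, run "set -f" first so the "*" is not glob-expanded by the shell, then: cert_verdict backup.horts.com.au $(cert_names config/ssl/certs/backup_unraid_bundle.pem)
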
Joedy Posted May 24, 2022 (edited)

10 minutes ago, ljm42 said:
> To use this url: https://backup.horts.com.au
> Your Server name (on Settings -> Identification) should be "backup"
> Your Local TLD (on Settings -> Management Access) should be "horts.com.au"
>
> When you change "Use SSL/TLS" to Yes, Unraid will automatically make a self-signed certificate with the "Subject" of "backup.horts.com.au" and place it on the flash drive here:
> config/ssl/certs/backup_unraid_bundle.pem
>
> The screenshot you provided of your custom certificate uses the "Subject Alternative Name" field, which Unraid ignores. It sort of worked in 6.9.2, but only by accident. It will not work in Unraid 6.10.
>
> If you want to provide your own certificate, you need to make sure the "Subject" of the certificate is either "backup.horts.com.au" or "*.horts.com.au". Then overwrite the certificate that Unraid created on your flash drive:
> config/ssl/certs/backup_unraid_bundle.pem
>
> You can then change "Use SSL/TLS" back to No and then to Yes again to get it to see the cert. Or you can open a web terminal and run:
> /etc/rc.d/rc.nginx reload
>
> Note that if the "Subject" of the cert is not correct, the certificate will be deleted and replaced with a self-signed cert that has the correct Subject.

Well, that's just not real good, as it is a multi domain wildcard cert and that is not an option for it as the subject name is horts.com.au. We use this certificate through our enterprise setup. Bit disappointed this was changed and is now useless; the drives in the array do not show up if the certificate does not match, and other areas have issues now because of this. We will just roll back and use the older version as the new one provides no benefit to us. Thanks heaps for your response.

Edited May 24, 2022 by Joedy: added subject name

trurl Posted May 24, 2022

3 hours ago, Joedy said:
> Sorry about the double up of screen shots but when I paste into the forum it puts double in for some reason.

Doesn't seem to happen to anyone else. How are you doing this exactly?

Joedy Posted May 24, 2022 (edited)

2 minutes ago, trurl said:
> Doesn't seem to happen to anyone else. How are you doing this exactly?

Ctrl V to paste from Snagit. I even delete one of the screenshots but it puts it back after I save.

Edited May 24, 2022 by Joedy

ljm42 Posted May 24, 2022

13 minutes ago, Joedy said:
> Well, that's just not real good, as it is a multi domain wildcard cert and that is not an option for it. We use this certificate through our enterprise setup.

I am sorry that you are unable to use your existing wildcard certificate. It should not have worked under 6.9.2 either; if it did, it was an accident. One of the major focuses of Unraid 6.10 is security; as such we are being very strict about certificates and ensuring the server only responds to specific urls.

You might consider getting a certificate specifically for "backup.horts.com.au".

Joedy Posted May 24, 2022 (edited)

5 hours ago, ljm42 said:
> I am sorry that you are unable to use your existing wildcard certificate. It should not have worked under 6.9.2 either; if it did, it was an accident. One of the major focuses of Unraid 6.10 is security; as such we are being very strict about certificates and ensuring the server only responds to specific urls.
>
> You might consider getting a certificate specifically for "backup.horts.com.au".

A multi domain wildcard cert is just as secure as any cert, if not more secure, and most enterprises run off SAN certs these days so they don't have to have 20 different certificates. I would not count it as a mistake that it worked in 6.9.2, as it was one of the reasons we moved to Unraid, because we could secure it for an enterprise environment and our other systems use the certificate to secure the connects between them.

Is there maybe a workaround with this, or is rolling back my only option?

Thanks heaps for your help.

Edited May 24, 2022 by Joedy

trurl Posted May 24, 2022

15 minutes ago, Joedy said:
> puts it back after I save

I was able to delete one without any problem. Something about what you are doing must be pasting it twice. If you edit the post, you can see the attachments listed separately and delete them.

Joedy Posted May 24, 2022

2 minutes ago, trurl said:
> I was able to delete one without any problem. Something about what you are doing must be pasting it twice. If you edit the post, you can see the attachments listed separately and delete them.

Yes, attachment worked, but if I delete it directly off the post it puts it back. CTRL V is all I am doing to paste into a post, using Windows 11.

ChatNoir Posted May 24, 2022

Happens to me too, I simply delete one from the attachment window each time.

hawihoney Posted May 24, 2022

5 hours ago, trurl said:
> Doesn't seem to happen to anyone else.

Oh, this is happening to me all the time as well. Just put a picture into the clipboard and paste it into the text. The picture appears twice, always. I need to remove one picture then, always. There's a report in the forum section.

ljm42 Posted May 26, 2022

On 5/23/2022 at 6:13 PM, Joedy said:
> Is there maybe a workaround with this, or is rolling back my only option?

Hi @Joedy, I dug into it a bit and realized that because of the improvements to SSL handling in Unraid 6.10 we can actually support the Subject Alternative Names in certificates now, and handle them properly.

If you are ok testing a pre-release version of Unraid, 6.10.2-rc2 is available by going to Tools -> Update OS and choosing the "next" branch. It would be great if you could test and confirm that your wildcard cert works now.

You would also need these settings:
- Your Server name (on Settings -> Identification) should be "backup"
- Your Local TLD (on Settings -> Management Access) should be "horts.com.au"

This will make the url to the server: https://backup.horts.com.au

If you aren't comfortable doing that, would you please send me a DM with your certificate file? Then I'll confirm it is being parsed correctly.

Note: BEFORE sending the .pem file, open it in a text editor and remove everything between these lines:
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
That private key needs to stay on your servers, do not send it to anybody.

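Added example (not from the thread and not Unraid's code): a scripted version of the "remove the private key before sending the .pem" step in the post above, which refuses to write anything if the key block is not cleanly removed. It goes slightly beyond the post by also dropping the BEGIN/END marker lines and by treating "RSA", "EC" and "ENCRYPTED" private-key blocks the same way; the function names and the sample bundle are constructed for illustration.

```sh
#!/bin/sh
# Added example, not Unraid code: produce a copy of a PEM bundle that is safe to send.

# public_part FILE: print FILE minus every private-key block, markers included.
# Exit status 1 if a key block is opened but never closed (truncated file).
public_part() {
    awk '
        /^-----BEGIN ([A-Z]+ )*PRIVATE KEY-----/ { inkey = 1; next }
        /^-----END ([A-Z]+ )*PRIVATE KEY-----/   { inkey = 0; next }
        !inkey { print }
        END { exit (inkey ? 1 : 0) }
    ' "$1"
}

# export_for_sharing SRC DST: write DST only if the result holds at least one
# certificate and no private-key marker; otherwise leave nothing behind.
export_for_sharing() {
    es_tmp=$(mktemp) || return 1
    if public_part "$1" > "$es_tmp" &&
       ! grep -q 'PRIVATE KEY' "$es_tmp" &&
       grep -q '^-----BEGIN CERTIFICATE-----' "$es_tmp"; then
        mv "$es_tmp" "$2"
    else
        rm -f "$es_tmp"; return 1
    fi
}

# Constructed bundle: the base64 bodies are placeholders, not real key material.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQtQ0VSVA==' \
    '-----END CERTIFICATE-----' '-----BEGIN PRIVATE KEY-----' \
    'Q09OU1RSVUNURUQtS0VZ' '-----END PRIVATE KEY-----' > "$demo_dir/bundle.pem"
export_for_sharing "$demo_dir/bundle.pem" "$demo_dir/share.pem" && cat "$demo_dir/share.pem"
```
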
Joedy Posted May 26, 2022

Thanks, trying this now, will keep you posted.

Joedy Posted May 26, 2022

1 hour ago, ljm42 said:
> Hi @Joedy, I dug into it a bit and realized that because of the improvements to SSL handling in Unraid 6.10 we can actually support the Subject Alternative Names in certificates now, and handle them properly.
>
> If you are ok testing a pre-release version of Unraid, 6.10.2-rc2 is available by going to Tools -> Update OS and choosing the "next" branch. It would be great if you could test and confirm that your wildcard cert works now.
>
> You would also need these settings:
> - Your Server name (on Settings -> Identification) should be "backup"
> - Your Local TLD (on Settings -> Management Access) should be "horts.com.au"
>
> This will make the url to the server: https://backup.horts.com.au
>
> If you aren't comfortable doing that, would you please send me a DM with your certificate file? Then I'll confirm it is being parsed correctly.
>
> Note: BEFORE sending the .pem file, open it in a text editor and remove everything between these lines:
> -----BEGIN PRIVATE KEY-----
> -----END PRIVATE KEY-----
> That private key needs to stay on your servers, do not send it to anybody.

Did all this but the https gives a 404 error now. Can't log in to the server through the GUI as it just keeps going back to the login screen under http. Can log in to the CLI without issue. Have a dig around to see what's happening.

ljm42 Posted May 26, 2022

Please connect via SSH and type "use_ssl no", then you will be able to access the server via http. It will tell you the specific url. If you get an error when logging in, please clear your browser cache.

Then grab the diagnostics.zip file (from Tools -> Diagnostics) and upload it here.

Joedy Posted May 26, 2022

21 minutes ago, ljm42 said:
> Please connect via SSH and type "use_ssl no", then you will be able to access the server via http. It will tell you the specific url. If you get an error when logging in, please clear your browser cache.
>
> Then grab the diagnostics.zip file (from Tools -> Diagnostics) and upload it here.

I can UNC into the server so just changed the ident.cfg file. It is having issues letting go of the Unraid cert, so just trying to settle it and then I can try again.

Joedy Posted May 26, 2022

PM you my cert so you can see the issues, does not want to use it rather than the Unraid cert.

Joedy Posted May 26, 2022

This was sorted by upgrading to 6.10 Rc2. Few steps involved, but it does recognise our multi domain wildcard cert (SAN). Thanks to ljm42 for the help.

ljm42 Posted May 26, 2022

Woohoo! Glad this is confirmed to work.

FYI to anyone else trying this - Fix Common Problems doesn't know that we support this type of cert yet so it will complain that the cert has an invalid url. Please ignore that, I need to update FCP.