Unraid 6.10.1 SSL



I had my own custom wildcard SSL certificate.

After upgrading to 6.10.1 it now does not give me the option and has an Unraid wildcard instead.

How do I get it to use mine again?

 

 

 

image.png

Link to comment
13 hours ago, Joedy said:

I had my own custom wildcard SSL certificate.

After upgrading to 6.10.1 it now does not give me the option and has an Unraid wildcard instead.

How do I get it to use mine again?

 

It looks like you Provisioned a myunraid.net cert. That is fine, in 6.10 you can use your own custom cert as well.

 

The Settings -> Management Access page does not show details about personal certs but they do work fine.  You have to make sure to set the Server Name and Local TLD of the server to match the Subject of the certificate.  Wildcards are supported too.

 

Full instructions are in the manual:
  https://wiki.unraid.net/Manual/Security#Securing_webGui_connections_.28SSL.29
Start with the "a few details before we begin" section and then scroll down to "Custom Certificates"

 

If you have any questions, tell me the url that you want to use to access the server and I will tell you how to set the server name, Local TLD, and certificate.

Link to comment
5 hours ago, ljm42 said:

 

It looks like you Provisioned a myunraid.net cert. That is fine, in 6.10 you can use your own custom cert as well.

 

The Settings -> Management Access page does not show details about personal certs but they do work fine.  You have to make sure to set the Server Name and Local TLD of the server to match the Subject of the certificate.  Wildcards are supported too.

 

Full instructions are in the manual:
  https://wiki.unraid.net/Manual/Security#Securing_webGui_connections_.28SSL.29
Start with the "a few details before we begin" section and then scroll down to "Custom Certificates"

 

If you have any questions, tell me the url that you want to use to access the server and I will tell you how to set the server name, Local TLD, and certificate.

Ok thanks will give it a try

 

So it is not TLD anymore, it is the machine's full domain name.

Link to comment
On 5/24/2022 at 2:08 AM, ljm42 said:

 

It looks like you Provisioned a myunraid.net cert. That is fine, in 6.10 you can use your own custom cert as well.

 

The Settings -> Management Access page does not show details about personal certs but they do work fine.  You have to make sure to set the Server Name and Local TLD of the server to match the Subject of the certificate.  Wildcards are supported too.

 

Full instructions are in the manual:
  https://wiki.unraid.net/Manual/Security#Securing_webGui_connections_.28SSL.29
Start with the "a few details before we begin" section and then scroll down to "Custom Certificates"

 

If you have any questions, tell me the url that you want to use to access the server and I will tell you how to set the server name, Local TLD, and certificate.

 

"Sorry about the double up of screen shots but when I paste into the forum it puts double in for some reason."

 

 

I tried to do it both ways with the wildcard cert I have but it won't pick up the local certificate, and if I don't provision the Unraid cert I can't use the My Servers

 

 

 

 

 

 

 

image.png

image.png

Link to comment

You showed a screenshot of your browser where it showed you the certificate information. Click the Details tab and find the "Subject" field. What url is listed there in the "Subject" field? A screenshot of this would be great.

 

What url do you want to use to access the server?

Link to comment
3 hours ago, ljm42 said:

You showed a screenshot of your browser where it showed you the certificate information. Click the Details tab and find the "Subject" field. What url is listed there in the "Subject" field? A screenshot of this would be great.

 

And what url do you want to use to access the server?

The url to access the server is 

 

https://backup.horts.com.au

 

The cert screenshot is just the Unraid cert, not my actual certificate.

 

 

image.png

Link to comment
3 hours ago, ljm42 said:

You showed a screenshot of your browser where it showed you the certificate information. Click the Details tab and find the "Subject" field. What url is listed there in the "Subject" field? A screenshot of this would be great.

 

What url do you want to use to access the server?

this is the cert it should be using, was using before the upgrade Multi domain wildcard Certificate

 

 

 

image.png

Link to comment
  • Solution

 

2 hours ago, Joedy said:

The url to access the server is 

https://backup.horts.com.au

 

To use this url:
  https://backup.horts.com.au

  • Your Server name (on Settings -> Identification) should be "backup"
  • Your Local TLD (on Settings -> Management Access) should be "horts.com.au"

When you change "Use SSL/TLS" to Yes, Unraid will automatically make a self-signed certificate with the "Subject" of "backup.horts.com.au" and place it on the flash drive here:
   config/ssl/certs/backup_unraid_bundle.pem
 

2 hours ago, Joedy said:

this is the cert it should be using, was using before the upgrade Multi domain wildcard Certificate

 

The screenshot you provided of your custom certificate uses the "Subject Alternative Name" field, which Unraid ignores. It sort of worked in 6.9.2, but only by accident. It will not work in Unraid 6.10.

 

If you want to provide your own certificate, you need to make sure the "Subject" of the certificate is either "backup.horts.com.au" or "*.horts.com.au". Then overwrite the certificate that Unraid created on your flash drive:

  config/ssl/certs/backup_unraid_bundle.pem

You can then change "Use SSL/TLS" back to No and then to Yes again to get it to see the cert. Or you can open a web terminal and run:

  /etc/rc.d/rc.nginx reload

 

Note that if the "Subject" of the cert is not correct, the certificate will be deleted and replaced with a self-signed cert that has the correct Subject.

Link to comment
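The name check described in the solution above can be done by hand before overwriting the bundle on the flash drive. This is an added example, not part of the thread and not Unraid's code: the function names are hypothetical, and the rule that "*" covers exactly one left-most label is an assumption (the post only says that "*.horts.com.au" is accepted).

```shell
#!/bin/sh
# Added example (not Unraid's code): which names in a certificate cover the
# webGui hostname? Helper names are hypothetical.

# host_matches PATTERN HOST: true if PATTERN (exact or "*.domain") covers HOST.
# Assumption: "*" stands for exactly one left-most label, as browsers treat it.
host_matches() {
    pattern=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$pattern" in
        \*.*)
            suffix=${pattern#\*}        # "*.horts.com.au" -> ".horts.com.au"
            label=${host%"$suffix"}     # "backup" when the suffix matched
            [ "$label" != "$host" ] && [ -n "$label" ] &&
                case "$label" in *.*) false ;; *) true ;; esac ;;
        *) [ "$pattern" = "$host" ] ;;
    esac
}

# classify HOST CN [SAN...] prints one verdict:
#   subject   Subject CN covers HOST (what the 6.10.1 answer above requires)
#   san-only  only a Subject Alternative Name covers HOST
#   none      no name in the certificate covers HOST
classify() {
    want=$1; cn=$2; shift 2
    if host_matches "$cn" "$want"; then echo subject; return 0; fi
    for san in "$@"; do
        if host_matches "$san" "$want"; then echo san-only; return 0; fi
    done
    echo none
}

# Parsers for openssl's text output, read from stdin.
cn_of()   { sed -n 's/.*CN=\([^,]*\).*/\1/p'; }
sans_of() { tr ',' '\n' | sed -n 's/^ *DNS://p'; }

# check_cert BUNDLE HOST: inspect the first certificate in BUNDLE.
check_cert() {
    cn=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | cn_of)
    sans=$(openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null | sans_of)
    set -f                              # keep "*.domain" from globbing
    verdict=$(classify "$2" "$cn" $sans)
    set +f
    echo "$2: $verdict (Subject CN: $cn)"
}

# e.g. sh check.sh config/ssl/certs/backup_unraid_bundle.pem backup.horts.com.au
if [ "$#" -eq 2 ]; then check_cert "$1" "$2"; fi
```

A "san-only" verdict is the case this thread is about: the Subject is the bare domain and the hostname is covered only by a Subject Alternative Name.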
10 minutes ago, ljm42 said:

 

 

To use this url:
  https://backup.horts.com.au

  • Your Server name (on Settings -> Identification) should be "backup"
  • Your Local TLD (on Settings -> Management Access) should be "horts.com.au"

When you change "Use SSL/TLS" to Yes, Unraid will automatically make a self-signed certificate with the "Subject" of "backup.horts.com.au" and place it on the flash drive here:
   config/ssl/certs/backup_unraid_bundle.pem
 

 

The screenshot you provided of your custom certificate uses the "Subject Alternative Name" field, which Unraid ignores. It sort of worked in 6.9.2, but only by accident. It will not work in Unraid 6.10.

 

If you want to provide your own certificate, you need to make sure the "Subject" of the certificate is either "backup.horts.com.au" or "*.horts.com.au". Then overwrite the certificate that Unraid created on your flash drive:

  config/ssl/certs/backup_unraid_bundle.pem

You can then change "Use SSL/TLS" back to No and then to Yes again to get it to see the cert. Or you can open a web terminal and run:

  /etc/rc.d/rc.nginx reload

 

Note that if the "Subject" of the cert is not correct, the certificate will be deleted and replaced with a self-signed cert that has the correct Subject.

 

Well that's just not real good as it is a multi domain wildcard cert and that is not an option for it as the subject name is horts.com.au, we use this certificate through our enterprise setup.

Bit disappointed this was changed and is now useless, the drives in the array do not show up if the certificate does not match and other areas have issues now because of this.

We will just roll back and use the older version as the new one provides no benefit to us, thanks heaps for your response.

 

 

Link to comment
2 minutes ago, trurl said:

Doesn't seem to happen to anyone else. How are you doing this exactly?

Ctrl V to paste from Snagit, I even delete one of the screenshots but it puts it back after I save

 

Link to comment
13 minutes ago, Joedy said:

Well that's just not real good as it is a multi domain wildcard cert and that is not an option for it, we use this certificate through our enterprise setup.

 

I am sorry that you are unable to use your existing wildcard certificate. It should not have worked under 6.9.2 either, if it did it was an accident.

 

One of the major focuses of Unraid 6.10 is security, as such we are being very strict about certificates and ensuring the server only responds to specific urls.

 

You might consider getting a certificate specifically for "backup.horts.com.au"

Link to comment
5 hours ago, ljm42 said:

 

I am sorry that you are unable to use your existing wildcard certificate. It should not have worked under 6.9.2 either, if it did it was an accident.

 

One of the major focuses of Unraid 6.10 is security, as such we are being very strict about certificates and ensuring the server only responds to specific urls.

 

You might consider getting a certificate specifically for "backup.horts.com.au"

A multi domain wildcard cert is just as secure as any cert if not more secure and most enterprises run off SAN certs these days so they don't have to have 20 different certificates. I would not count it as a mistake that it worked in 6.9.2 as it was one of the reasons we moved to Unraid because we could secure it for an enterprise environment and our other systems use the certificate to secure the connections between them.

 

Is there maybe a workaround with this or rolling back is my only option?

 

thanks heaps for your help.

Link to comment
2 minutes ago, trurl said:

I was able to delete one without any problem. Something about what you are doing must be pasting it twice. If you edit the post, you can see the attachments listed separately and delete them.

Yes, attachment worked but if I delete it directly off the post it puts it back

CTRL V is all I am doing to paste into a post, using Windows 11

Link to comment
5 hours ago, trurl said:

Doesn't seem to happen to anyone else.

 

Oh, this is happening to me all the time as well. Just put a picture into the clipboard and paste it into the text. The picture appears twice, always. I need to remove one picture then, always. There's a report in the forum section.

 

Link to comment
On 5/23/2022 at 6:13 PM, Joedy said:

Is there maybe a workaround with this or rolling back is my only option?

 

Hi @Joedy, I dug into it a bit and realized that because of the improvements to SSL handling in Unraid 6.10 we can actually support the Subject Alternative Names in certificates now, and handle them properly.

 

If you are ok testing a pre-release version of Unraid, 6.10.2-rc2 is available by going to Tools -> Update OS and choosing the "next" branch. It would be great if you could test and confirm that your wildcard cert works now. You would also need these settings:

- Your Server name (on Settings -> Identification) should be "backup"

- Your Local TLD (on Settings -> Management Access) should be "horts.com.au"

This will make the url to the server:  https://backup.horts.com.au

 

If you aren't comfortable doing that, would you please send me a DM with your certificate file? Then I'll confirm it is being parsed correctly.

 

Note: BEFORE sending the .pem file, open it in a text editor and remove everything between these lines:
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----

That private key needs to stay on your servers, do not send it to anybody :) 

Link to comment
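A scripted version of the "remove the private key before sending the .pem" step from the post above, as an added example that is not part of the thread. It also drops key blocks carrying other PEM labels (RSA, EC, ENCRYPTED), which goes beyond the two marker lines named in the post; the function names and the sample bundle are constructed for illustration.

```shell
#!/bin/sh
# Added example: make a copy of a PEM bundle that is safe to hand to someone
# else, with every private key block removed. Names here are hypothetical.

# strip_private_keys: PEM on stdin, PEM without any "... PRIVATE KEY" block on
# stdout. Matches PRIVATE KEY, RSA PRIVATE KEY, EC PRIVATE KEY, ENCRYPTED ...
strip_private_keys() {
    awk '
        /^-----BEGIN .*PRIVATE KEY-----/ { skip = 1; next }
        /^-----END .*PRIVATE KEY-----/   { skip = 0; next }
        !skip
    '
}

# safe_to_share FILE: true only if FILE has a certificate and no key marker.
safe_to_share() {
    ! grep -q 'PRIVATE KEY-----' "$1" &&
        grep -q '^-----BEGIN CERTIFICATE-----' "$1"
}

# make_shareable BUNDLE OUT: write the stripped copy; never leave a bad one.
make_shareable() {
    strip_private_keys < "$1" > "$2"
    if safe_to_share "$2"; then
        echo "wrote $2, no private key inside"
    else
        rm -f "$2"
        echo "refusing: $2 would not be safe to share" >&2
        return 1
    fi
}

# Constructed sample bundle: placeholder text, not real certificate or key data.
sample_bundle() {
    cat <<'EOF'
-----BEGIN CERTIFICATE-----
CONSTRUCTED-PLACEHOLDER-CERT
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
CONSTRUCTED-PLACEHOLDER-KEY
-----END RSA PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----
CONSTRUCTED-PLACEHOLDER-KEY
-----END PRIVATE KEY-----
EOF
}

# e.g. sh strip.sh backup_unraid_bundle.pem cert_only.pem
if [ "$#" -eq 2 ]; then make_shareable "$1" "$2"; fi
```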
1 hour ago, ljm42 said:

 

Hi @Joedy, I dug into it a bit and realized that because of the improvements to SSL handling in Unraid 6.10 we can actually support the Subject Alternative Names in certificates now, and handle them properly.

 

If you are ok testing a pre-release version of Unraid, 6.10.2-rc2 is available by going to Tools -> Update OS and choosing the "next" branch. It would be great if you could test and confirm that your wildcard cert works now. You would also need these settings:

- Your Server name (on Settings -> Identification) should be "backup"

- Your Local TLD (on Settings -> Management Access) should be "horts.com.au"

This will make the url to the server:  https://backup.horts.com.au

 

If you aren't comfortable doing that, would you please send me a DM with your certificate file? Then I'll confirm it is being parsed correctly.

 

Note: BEFORE sending the .pem file, open it in a text editor and remove everything between these lines:
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----

That private key needs to stay on your servers, do not send it to anybody :) 

Did all this but the https gives a 404 error now, can't log in to the server through the GUI as it just keeps going back to the login screen under http. Can log in to the CLI without issue. Have a dig around to see what's happening.

Link to comment
21 minutes ago, ljm42 said:

Please connect via SSH and type "use_ssl no", then you will be able to access the server via http. It will tell you the specific url. If you get an error when logging in, please clear your browser cache.

 

Then grab the diagnostics.zip file (from Tools -> Diagnostics) and upload it here

I can UNC into the server so just changed the ident.cfg file, it is having issues letting go of the Unraid cert so just trying to settle it and then I can try again

Link to comment
