[Ovmsdev] mongoose-wolfssl
Craig Leres
leres at xse.com
Mon Mar 22 00:43:45 HKT 2021
On 3/21/21 6:31 AM, Michael Balzer wrote:
> I have now added that as a standard feature and included an info on how
> to create a cert + key in the webserver configuration.
This is awesome!
But I'm having trouble getting it to work. I suspect I don't understand
how certs work with ovms.
A long time ago, with the help of some friends, I wrote a /bin/sh script
to generate self signed certs:
https://ee.lbl.gov/downloads/create-cert/create-cert.tar.gz
What I am expecting is the cn in the certificate to match the https
hostname, e.g. ovms-dev.alameda.xse.com and I know my browser does not
like it if I navigate to https://ovms-dev.alameda.xse.com/ and the
certificate returned does not match.
I have:
dot 60 % openssl x509 -text -noout -in
certs/ovms-dev.alameda.xse.com.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 56 (0x38)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = CA, L = Alameda, O = XSE, OU =
Certificate Authorities, CN = XSE Root CA 4, emailAddress = root at xse.com
Validity
Not Before: Mar 21 16:28:03 2021 GMT
Not After : Mar 5 16:28:03 2087 GMT
Subject: CN = ovms-dev.alameda.xse.com, emailAddress =
root at xse.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
[...]
but when I upload the pem and key files it doesn't like the private key:
Error!
TLS private key must be in PEM PRIVATE KEY format
I've never used "subjectAltName=IP:192.168.4.1", is that required?
FYI I also use the certificates generated with create-cert for client
certificate authentication.
Craig
More information about the OvmsDev
mailing list