leres at xse.com
Mon Mar 22 00:43:45 HKT 2021
On 3/21/21 6:31 AM, Michael Balzer wrote:
> I have now added that as a standard feature and included an info on how
> to create a cert + key in the webserver configuration.
This is awesome!
But I'm having trouble getting it to work. I suspect I don't understand
how certs work with ovms.
A long time ago, with the help of some friends, I wrote a /bin/sh script
to generate self signed certs:
What I am expecting is the cn in the certificate to match the https
hostname, e.g. ovms-dev.alameda.xse.com and I know my browser does not
like it if I navigate to https://ovms-dev.alameda.xse.com/ and the
certificate returned does not match.
dot 60 % openssl x509 -text -noout -in
Version: 3 (0x2)
Serial Number: 56 (0x38)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = CA, L = Alameda, O = XSE, OU =
Certificate Authorities, CN = XSE Root CA 4, emailAddress = root at xse.com
Not Before: Mar 21 16:28:03 2021 GMT
Not After : Mar 5 16:28:03 2087 GMT
Subject: CN = ovms-dev.alameda.xse.com, emailAddress =
root at xse.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
but when I upload the pem and key files it doesn't like the private key:
TLS private key must be in PEM PRIVATE KEY format
I've never used "subjectAltName=IP:192.168.4.1", is that required?
FYI I also use the certificates generated with create-cert for client
More information about the OvmsDev