[Ovmsdev] mongoose-wolfssl

Craig Leres leres at xse.com
Mon Mar 22 00:43:45 HKT 2021

On 3/21/21 6:31 AM, Michael Balzer wrote:
> I have now added that as a standard feature and included an info on how 
> to create a cert + key in the webserver configuration.

This is awesome!

But I'm having trouble getting it to work. I suspect I don't understand 
how certs work with ovms.

A long time ago, with the help of some friends, I wrote a /bin/sh script 
to generate self signed certs:


What I am expecting is the cn in the certificate to match the https 
hostname, e.g. ovms-dev.alameda.xse.com and I know my browser does not 
like it if I navigate to https://ovms-dev.alameda.xse.com/ and the 
certificate returned does not match.

I have:

     dot 60 % openssl x509 -text -noout -in 
             Version: 3 (0x2)
             Serial Number: 56 (0x38)
             Signature Algorithm: sha256WithRSAEncryption
             Issuer: C = US, ST = CA, L = Alameda, O = XSE, OU = 
Certificate Authorities, CN = XSE Root CA 4, emailAddress = root at xse.com
                 Not Before: Mar 21 16:28:03 2021 GMT
                 Not After : Mar  5 16:28:03 2087 GMT
             Subject: CN = ovms-dev.alameda.xse.com, emailAddress = 
root at xse.com
             Subject Public Key Info:
                 Public Key Algorithm: rsaEncryption
                     RSA Public-Key: (2048 bit)

but when I upload the pem and key files it doesn't like the private key:

     TLS private key must be in PEM PRIVATE KEY format

I've never used "subjectAltName=IP:", is that required?

FYI I also use the certificates generated with create-cert for client 
certificate authentication.


More information about the OvmsDev mailing list