On 3/21/21 6:31 AM, Michael Balzer wrote:
I have now added that as a standard feature and included info on how to create a cert + key in the webserver configuration.
This is awesome! But I'm having trouble getting it to work. I suspect I don't understand how certs work with ovms.

A long time ago, with the help of some friends, I wrote a /bin/sh script to generate self-signed certs:

    https://ee.lbl.gov/downloads/create-cert/create-cert.tar.gz

What I am expecting is the cn in the certificate to match the https hostname, e.g. ovms-dev.alameda.xse.com and I know my browser does not like it if I navigate to https://ovms-dev.alameda.xse.com/ and the certificate returned does not match. I have:

    dot 60 % openssl x509 -text -noout -in certs/ovms-dev.alameda.xse.com.pem
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 56 (0x38)
            Signature Algorithm: sha256WithRSAEncryption
            Issuer: C = US, ST = CA, L = Alameda, O = XSE, OU = Certificate Authorities, CN = XSE Root CA 4, emailAddress = root@xse.com
            Validity
                Not Before: Mar 21 16:28:03 2021 GMT
                Not After : Mar 5 16:28:03 2087 GMT
            Subject: CN = ovms-dev.alameda.xse.com, emailAddress = root@xse.com
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    RSA Public-Key: (2048 bit)
        [...]

but when I upload the pem and key files it doesn't like the private key:

    Error! TLS private key must be in PEM PRIVATE KEY format

I've never used "subjectAltName=IP:192.168.4.1", is that required?

FYI I also use the certificates generated with create-cert for client certificate authentication.

Craig
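
A pre-upload check for the cert and key files discussed in this message, as an added example that is not part of the original email or of the OVMS project. It assumes the quoted error refers to the unencrypted PKCS#8 PEM label `PRIVATE KEY`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original message. Function names are hypothetical.
# Assumption: the quoted error wants the unencrypted PKCS#8 label "PRIVATE KEY".

# Print the label of the first PEM BEGIN line, e.g. "RSA PRIVATE KEY".
pem_label() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" | head -n 1
}

# Classify a key file by its PEM label.
key_format() {
    case "$(pem_label "$1")" in
        "PRIVATE KEY")           echo pkcs8 ;;
        "ENCRYPTED PRIVATE KEY") echo pkcs8-encrypted ;;
        "RSA PRIVATE KEY")       echo pkcs1-rsa ;;
        "EC PRIVATE KEY")        echo sec1-ec ;;
        "")                      echo not-pem ;;
        *)                       echo other ;;
    esac
}

# Rewrap a key as unencrypted PKCS#8 (the output file holds the raw private key).
to_pkcs8() {
    case "$(key_format "$1")" in
        pkcs8) cp "$1" "$2" ;;
        pkcs8-encrypted|pkcs1-rsa|sec1-ec)
            (umask 077; openssl pkcs8 -topk8 -nocrypt -in "$1" -out "$2") ;;
        *) echo "unsupported key file: $1" >&2; return 1 ;;
    esac
}

# True if the certificate and the key carry the same public key.
key_matches_cert() {
    c=$(openssl x509 -noout -pubkey -in "$1" | openssl sha256)
    k=$(openssl pkey -pubout -in "$2" | openssl sha256)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# True if the certificate is valid for the host name (SAN, or CN fallback).
cert_matches_host() {
    openssl x509 -noout -checkhost "$2" -in "$1" | grep -q 'does match'
}

# CLI: check.sh cert.pem key.pem hostname
if [ "$#" -eq 3 ]; then
    echo "key format: $(key_format "$2")"
    key_matches_cert "$1" "$2" && echo "key matches cert" || echo "key/cert MISMATCH"
    cert_matches_host "$1" "$3" && echo "host matches" || echo "host MISMATCH"
fi
```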