On 21.03.21 at 17:43, Craig Leres wrote:
On 3/21/21 6:31 AM, Michael Balzer wrote:
I have now added that as a standard feature and included information on how to create a cert + key in the webserver configuration.
This is awesome!
But I'm having trouble getting it to work. I suspect I don't understand how certs work with ovms.
A long time ago, with the help of some friends, I wrote a /bin/sh script to generate self-signed certs:
Your script creates a CA as well and takes care of optional details. That's much simpler if all you need is a cert/key pair for encryption.
What I am expecting is the CN in the certificate to match the https hostname, e.g. ovms-dev.alameda.xse.com, and I know my browser does not like it if I navigate to https://ovms-dev.alameda.xse.com/ and the certificate returned does not match.
Of course you need to create the certificate for the hostnames and IP addresses you use. CN is the primary hostname; additional hostnames and IP addresses are added using the "Subject Alternative Name" extension. If you're using a dyndns or fixed IP entry like "ovms-dev.alameda.xse.com" as your primary address, set that as the CN.

Example:

    openssl req -x509 -newkey rsa:2048 -sha256 -days 3650 -nodes \
      -keyout ovms.key -out ovms.crt -subj "/CN=test1.local" \
      -addext "subjectAltName=DNS:test1.dexters-web.de,IP:192.168.4.1,IP:192.168.2.106"

=>

    Certificate:
    …
        Subject: CN = test1.local
    …
            X509v3 Subject Alternative Name:
                DNS:test1.dexters-web.de, IP Address:192.168.4.1, IP Address:192.168.2.106
but when I upload the pem and key files it doesn't like the private key:
Error! TLS private key must be in PEM PRIVATE KEY format
You probably copied the wrong section. You need to copy the full PEM text including the BEGIN and END lines, as suggested by the placeholder for the textarea.
I've never used "subjectAltName=IP:192.168.4.1", is that required?
Only if you want to be able to access the OVMS AP by https://192.168.4.1/ .

Regards,
Michael

--
Michael Balzer * Helkenberger Weg 9 * D-58256 Ennepetal
Fon 02333 / 833 5735 * Handy 0176 / 206 989 26
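
A pre-upload check for the cert/key pair discussed in this message, as an added example that is not part of the original thread and not OVMS code: it confirms that both files are complete PEM blocks with their BEGIN and END lines, that the key belongs to the certificate, and that each name used to reach the module is matched by the certificate. The function names are hypothetical; the host names, IP addresses and file names are the sample values from the message, and OpenSSL 1.1.1 or later is assumed for `-addext`.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical; host
# names, IPs and file names are the sample values from the message above.

make_pair() {  # $1 = output directory; the openssl command from the message
    openssl req -x509 -newkey rsa:2048 -sha256 -days 3650 -nodes \
        -keyout "$1/ovms.key" -out "$1/ovms.crt" -subj "/CN=test1.local" \
        -addext "subjectAltName=DNS:test1.dexters-web.de,IP:192.168.4.1,IP:192.168.2.106" \
        2>/dev/null
}

pem_complete() {  # $1 = file; true if it is one PEM block with BEGIN and END lines
    first=$(awk 'NF { print; exit }' "$1")
    last=$(awk 'NF { l = $0 } END { print l }' "$1")
    case "$first" in
        "-----BEGIN "*"-----") label=${first#-----BEGIN }; label=${label%-----} ;;
        *) return 1 ;;
    esac
    [ "$last" = "-----END $label-----" ]
}

pair_matches() {  # $1 = cert, $2 = key; true if both carry the same public key
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

cert_matches() {  # $1 = cert, $2 = host name or IPv4 address as typed in the URL
    case "$2" in
        *[!0-9.]*) opt=-checkhost ;;
        *) opt=-checkip ;;
    esac
    openssl x509 -in "$1" -noout "$opt" "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

check_upload() {  # $1 = cert, $2 = key, remaining args = names used to reach the module
    crt=$1; key=$2; shift 2
    pem_complete "$crt" || echo "certificate: BEGIN/END line missing"
    pem_complete "$key" || echo "key: BEGIN/END line missing"
    pair_matches "$crt" "$key" || echo "key does not belong to certificate"
    for n in "$@"; do
        cert_matches "$crt" "$n" || echo "not covered by certificate: $n"
    done
}

# Demo: test1.local is only in the CN. OpenSSL's check does not fall back to the
# CN once the certificate has DNS entries in subjectAltName, so it is reported.
dir=$(mktemp -d) && make_pair "$dir" &&
    check_upload "$dir/ovms.crt" "$dir/ovms.key" test1.dexters-web.de 192.168.4.1 test1.local
```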