Hi

It seems somebody else reported this issue on GitHub:
https://github.com/uyuni-project/uyuni/issues/5830
Follow that to find fixes soon.

On Tuesday, 16 August 2022, 18:06:12 CEST, Martin wrote:
Hi
I tried it with the intermediate (cross-signed and self-signed):
$> mgr-ssl-cert-setup --root-ca-file=/home/certs/isrg-root-x1-cross-signed.pem \
     --intermediate-ca-file=/home/certs/lets-encrypt-r3.pem \
     --server-cert-file=/home/certs/uyuni.crt.pem \
     --server-key-file=/home/certs/uyuni.key.pem
ERROR: Incomplete CA Chain. Unable to find issuer of 'C = US, O = Internet Security Research Group, CN = ISRG Root X1'
$> mgr-ssl-cert-setup --root-ca-file=/home/certs/isrgrootx1.pem \
     --intermediate-ca-file=/home/certs/lets-encrypt-r3.pem \
     --server-cert-file=/home/certs/uyuni.crt.pem \
     --server-key-file=/home/certs/uyuni.key.pem
ERROR: 'authorityKeyIdentifier'
I can create a test certificate for you. The certificate I use is a wildcard certificate - could that make a difference?
Best regards
Martin
On 16.08.22 at 16:27, Michael Calmer wrote:
Hi
Looking at the picture at https://letsencrypt.org/certificates/
you need 2 CAs: R3, which is an intermediate CA, and ISRG Root X1, which seems to be the Root CA.
$> mgr-ssl-cert-setup --root-ca-file=/home/certs/lets-encrypt-isgr-x1.pem \
     --intermediate-ca-file=/home/certs/lets-encrypt-r3.pem \
     --server-cert-file=/home/certs/uyuni.crt.pem \
     --server-key-file=/home/certs/uyuni.key.pem
It might be that there is a bug, but I would need such certificates to test it. (The private key should not be sent. I can test without the key.)
Regards
Michael
On Tuesday, 16 August 2022, 14:14:21 CEST, Martin wrote:
Hello all
I have created a new certificate for my internal Uyuni server using Let's Encrypt.
But I have some trouble activating this certificate:
# mgr-ssl-cert-setup --server-cert-file=/home/certs/uyuni.crt.pem --server-key-file=/home/certs/uyuni.key.pem
Root CA is required
I'm not the issue - there are some certificates on https://letsencrypt.org/certificates/
With R3:
# mgr-ssl-cert-setup --root-ca-file=/home/certs/lets-encrypt-r3.pem --server-cert-file=/home/certs/uyuni.crt.pem --server-key-file=/home/certs/uyuni.key.pem
ERROR: Incomplete CA Chain. Unable to find issuer of 'C = US, O = Let's Encrypt, CN = R3'
With fullchain.pem from Let's Encrypt:
# mgr-ssl-cert-setup --root-ca-file=/home/certs/fullchain.pem --server-cert-file=/home/certs/uyuni.crt.pem --server-key-file=/home/certs/uyuni.key.pem
ERROR: Incomplete CA Chain. Unable to find issuer of 'C = US, O = Internet Security Research Group, CN = ISRG Root X1''
Some ideas?
The certificate is valid - I can use it as the Apache certificate for the Uyuni website and the browser says it is ok :)
Best regards
Martin
--
Regards

Michael Calmer
SUSE Software Solutions Germany GmbH, Frankenstraße 146, D-90461 Nuernberg
T: +49 (0) 911 74053 0
F: +49 (0) 911 74053575
e-mail: Michael.Calmer@suse.com
SUSE Software Solutions Germany GmbH, GF: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman (HRB 36809, AG Nürnberg)
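
An added example, not part of the thread and not mgr-ssl-cert-setup's own code: a minimal issuer walk over constructed certificate records, showing how the CA bundles tried above behave when the lookup treats authorityKeyIdentifier as optional and stops at a self-signed certificate. The record fields, key-id values, the leaf name and the placeholder cross-signer are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional


class IncompleteChain(Exception):
    """Raised when a certificate's issuer is not in the supplied bundle."""


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    ski: str                   # subjectKeyIdentifier (constructed value)
    aki: Optional[str] = None  # authorityKeyIdentifier; absent on some roots


def find_issuer(cert: Cert, bundle: List[Cert]) -> Optional[Cert]:
    for ca in bundle:
        if ca.subject != cert.issuer:
            continue
        # Compare key ids only when the child actually carries an AKI.
        if cert.aki is None or cert.aki == ca.ski:
            return ca
    return None


def build_chain(leaf: Cert, bundle: List[Cert]) -> List[Cert]:
    chain, current = [leaf], leaf
    while current.subject != current.issuer:  # a self-signed cert ends the walk
        parent = find_issuer(current, bundle)
        if parent is None:
            raise IncompleteChain(f"Unable to find issuer of '{current.subject}'")
        if parent in chain:
            raise IncompleteChain(f"Loop at '{parent.subject}'")
        chain.append(parent)
        current = parent
    return chain


# Constructed records standing in for the files named in the thread.
LEAF = Cert("CN = *.example.test", "CN = R3", ski="leaf", aki="r3")
R3 = Cert("CN = R3", "CN = ISRG Root X1", ski="r3", aki="x1")
X1_SELF = Cert("CN = ISRG Root X1", "CN = ISRG Root X1", ski="x1")  # no AKI
X1_CROSS = Cert("CN = ISRG Root X1", "CN = Cross-Signer (placeholder)",
                ski="x1", aki="cross")

if __name__ == "__main__":
    print([c.subject for c in build_chain(LEAF, [R3, X1_SELF])])
```

To see which case applies to a real file, `openssl x509 -in <file> -noout -subject -issuer` shows whether subject and issuer are identical.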