Unable to configure local CA or systems using DNS names

Description

Description also available at:

https://www.truenas.com/community/threads/truecommand-2-issues.93712/page-2#post-653638

The first problem is that I cannot upload a local CA certificate. File or Copy-N-Pasted text both leave the IMPORT button greyed out.

Cannot add a system using its DNS name. TC never connects to it and TCPDump does not even see it trying to. Still, when opening a shell inside TC's container, "openssl s_client -connect atlas:443" is successful, so there is no network / config problem up to the very container itself.

TC does not validate certificates at all, even when all options requiring it are ON. If I point my server to TC with its IP address, TC will connect without a word, even though the certificate contains only a DNS name and the server's previous IP address, which is not the same as today's.

In the past, I provided you with certificates. Should you need some, I can create a new key pair for you and provide you with my CA (a 4096-bit key...)
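The check that the third point of the description expects, as an added example (not part of the ticket and not TrueCommand's code): Go client-side verification that rejects a peer reached by an IP address missing from the certificate's SANs. The hostname, both addresses and the self-signed test certificate are constructed stand-ins, and `makeCert` and `checkPeer` are hypothetical helper names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// makeCert returns a self-signed test cert (stand-in for a local CA) with one DNS SAN and one IP SAN.
func makeCert(dnsName, ip string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "constructed test cert"},
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  true,
		DNSNames:              []string{dnsName},
		IPAddresses:           []net.IP{net.ParseIP(ip)},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// checkPeer verifies the chain and that the dialed address is in the SANs; an IP literal matches IP SANs only.
func checkPeer(cert *x509.Certificate, dialed string) error {
	roots := x509.NewCertPool()
	roots.AddCert(cert) // trust anchor: the constructed test cert itself
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: dialed})
	return err
}

func main() {
	cert, err := makeCert("atlas.example.internal", "192.0.2.10") // constructed values
	if err != nil {
		panic(err)
	}
	fmt.Println("dialed 192.0.2.20:", checkPeer(cert, "192.0.2.20"))
}
```

A client that dials the server's current address (`192.0.2.20` here) gets a hostname error even though the chain is trusted, because only the DNS name and the old address are in the certificate.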

Activity

Ken Moore 
August 12, 2021 at 3:03 PM

Oh, one note about saving new CAs.

I noticed a caveat/warning in our toolkit docs that said that the system certificates list used by the toolkit might not automatically resync when new CAs are added to the system. If you import a new CA and it does not appear to be getting used, try restarting the TC container and see if it works after that.

Ken Moore 
August 12, 2021 at 2:59 PM

Yes, the changes for this ticket are in the latest nightlies.

I have tested all the iterations of system registrations on the nightly as well (IP, DNS, IP+custom port, DNS+custom port), and am not seeing any issues connecting to systems. I even went and enabled the http -> https redirect option on a NAS here and ran through the tests again without any issues.

Basil Hendroff 
August 12, 2021 at 3:54 AM

 Is this in the latest nightly so  can test it? If so,  can you test and let me know how you go.  I'll update the table in the community thread TC 2 Issues with the results.

Heracles31 
August 5, 2021 at 5:54 PM

Hi,

Indeed, I do have HTTP to HTTPS redirect enabled in my TrueNAS. I also confirmed it is working by calling it HTTP and ending up on HTTPS.

Here, you will find a pcap file captured from the docker host running TC with only filter "host 172.24.128.146" which is the IP address on Atlas. There is also a complete copy of the middleware log you asked before instead of just a single entry. I played with the setup a few times, changing from a name to another and back to the IP address.

https://cloud.jblan.org/s/i2weNoZ5ewSYDr8

Ken Moore 
August 5, 2021 at 5:11 PM

I am actually looking into the connection issues now.

As a quick check though, could you see if you have the HTTP -> HTTPS redirect option enabled on the NAS side? I am seeing two different connection routines in TC depending on if that flag is enabled on the NAS, and that will help me narrow down which "channel" the issue exists in.

Done

Created August 1, 2021 at 3:45 AM
Updated July 6, 2022 at 8:57 PM
Resolved August 9, 2021 at 6:53 PM