News: This forum is now permanently frozen.
Pages: [1]
Topic: webGUI SSL-Certificates with 4096 Bit not accepted?  (Read 2040 times)
« on: November 28, 2013, 14:54:11 »
tobsen02 *
Posts: 5

Hi there,

I wanted to update the webGUI SSL-Certificate in System->Advanced. It worked with an 2048 Keypair without problems. No we changed to 4096 Bit, but the key is not accepted (other servers like apache or tomcat accept this key). The following Error appears

Quote
The following input errors were detected: This key does not appear to be valid.

We're running m0n0wall 1.34 on PC Engines ALIX.

Any suggeations are highly appreciated.
« Reply #1 on: November 28, 2013, 16:03:46 »
Lennart Grahl ***
Posts: 153

I had a look at system_advanced.php.
This error message will only appear if your key does not start with "BEGIN RSA PRIVATE KEY" or does not end with "END RSA PRIVATE KEY".
« Reply #2 on: November 28, 2013, 16:48:33 »
tobsen02 *
Posts: 5

I had a look at system_advanced.php.
This error message will only appear if your key does not start with "BEGIN RSA PRIVATE KEY" or does not end with "END RSA PRIVATE KEY".
Thanks. This did the trick. But the webGUI doesn't start anymore. Now I'm not able to manage it anymore. Or is there a hint to change the cert using serial console? Otherwise I'm stuck Sad
« Reply #3 on: November 29, 2013, 20:27:57 »
Lee Sharp *****
Posts: 517

From the console you can change back to http, I think...  It has been a while.
« Reply #4 on: November 29, 2013, 20:32:36 »
tobsen02 *
Posts: 5

From the console you can change back to http, I think...  It has been a while.
Thanks for your reply, but I've seen the console just yesterday. There is no (visible or documented invisible) option for that.

This is documented here:
Quote
serial console interface for recovery
* set LAN IP address
* reset password
* restore factory defaults
* reboot system
« Reply #5 on: November 29, 2013, 23:16:18 »
Fred Grayson *****
Posts: 994

Select Set LAN IP address, specify the address and netmask and enable the DHCP server if desired, and if so specify the scope. At that point you will be offered to revert to http for GUI asccess.

--
Google is your friend and Bob's your uncle.
« Reply #6 on: November 29, 2013, 23:30:12 »
tobsen02 *
Posts: 5

Select Set LAN IP address, specify the address and netmask and enable the DHCP server if desired, and if so specify the scope. At that point you will be offered to revert to http for GUI asccess.
Grin Sir you are my personal hero. Thanks so much, got back on the webinterface with that. Perfect. Thanks!

Note to self: Generate a 2048 Bit certificate. That worked Smiley
« Reply #7 on: November 29, 2013, 23:34:51 »
Fred Grayson *****
Posts: 994

Yer welcome.

--
Google is your friend and Bob's your uncle.
« Reply #8 on: November 30, 2013, 19:17:42 »
Lee Sharp *****
Posts: 517

I knew it was there somewhere. Smiley  But I had not been in a console for so long I had forgotten where it was. Smiley
« Reply #9 on: December 01, 2013, 15:00:58 »
tobsen02 *
Posts: 5

I knew it was there somewhere. Smiley 
You've been right. I didn't assume it to be somwhere in step 2 or 3.
« Reply #10 on: December 01, 2013, 15:12:29 »
Fred Grayson *****
Posts: 994

That's called buried treasure  Cool

--
Google is your friend and Bob's your uncle.
« Reply #11 on: December 02, 2013, 00:15:14 »
Lee Sharp *****
Posts: 517

I may have forgotten more than some people know, but I can't remember...  Grin
 
Pages: [1]
 
 
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines