Allow adding certificate chains #110

Closed
andofrjando opened this Issue Nov 6, 2015 · 3 comments

andofrjando commented Nov 6, 2015

A lot of certificates issued by certification authorities don't sign with their root certificate, but sign with their intermediate certificate. These certificates can't be used with nzbget to enable HTTPS as it doesn't allow adding the certificate chain file. I have tried concatenating the root, intermediate and server certificates into one certificate file, but that didn't work.

Member

hugbug commented Nov 6, 2015

I'll try to implement this but I can't test. I could send you a compiled test version or changed source if you compile yourself. Send me a note at nzbget@gmail.com with info on which OS/CPU you run nzbget on.

hugbug added a commit that referenced this issue Nov 6, 2015

#110: accepting certificate chains in option SecureCert
The built-in web-server can now use certificate chain files through
option “SecureCert”, when compiled using OpenSSL.

sselph commented Nov 7, 2015

I compiled and tested the 110-tls-cert-chain branch and running:

openssl s_client <address>

I got:

Certificate chain
 0 s:/C=US/CN=<address>/emailAddress=<email>
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
 1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority

where I used to get:

Certificate chain
 0 s:/C=US/CN=<address>/emailAddress=<email>
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA

So it looks like it works!

andofrjando commented Nov 7, 2015

I have just built the 110-tls-cert-chain branch on Ubuntu 14.04.02 and can confirm that this now works using the concatenated certificate chain as the server certificate.
Thank you.
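
The before/after comparison of `openssl s_client` output in this thread can be checked mechanically. The following is an added example, not code from the thread or from nzbget: it parses the `Certificate chain` section and reports whether the certificates the server sent link up to a root the client trusts. The sample text is constructed from the output quoted above, and `trusted_roots` (subject names written exactly as s_client prints them) is an assumption of this example.

```python
import re

# Constructed sample input: the "Certificate chain" sections quoted in this
# thread, keeping its <address>/<email> placeholders.
_CA = "/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN="
LEAF = "/C=US/CN=<address>/emailAddress=<email>"
INTERMEDIATE = _CA + "StartCom Class 1 Primary Intermediate Server CA"
ROOT = _CA + "StartCom Certification Authority"
BEFORE = f"---\nCertificate chain\n 0 s:{LEAF}\n   i:{INTERMEDIATE}\n---\n"
AFTER = (f"---\nCertificate chain\n 0 s:{LEAF}\n   i:{INTERMEDIATE}\n"
         f" 1 s:{INTERMEDIATE}\n   i:{ROOT}\n---\n")


def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    chain, in_block = [], False
    for line in text.splitlines():
        if not in_block:
            in_block = line.strip() == "Certificate chain"
            continue
        if line.startswith("---"):  # end of the chain section
            break
        subj = re.match(r"\s*\d+ s:(.*)", line)
        iss = re.match(r"\s+i:(.*)", line)
        if subj:
            chain.append([subj.group(1).strip(), None])
        elif iss and chain:
            chain[-1][1] = iss.group(1).strip()
        # other lines (e.g. "a:" / "v:" in newer OpenSSL output) are ignored
    return [tuple(entry) for entry in chain]


def check_chain(text, trusted_roots):
    """Return 'complete', 'incomplete', 'misordered' or 'empty'.

    Compares names only; it does not verify signatures or validity dates.
    """
    chain = parse_chain(text)
    if not chain:
        return "empty"
    # Every certificate must be issued by the certificate that follows it.
    for (_, issuer), (next_subject, _) in zip(chain, chain[1:]):
        if issuer != next_subject:
            return "misordered"
    # The last certificate sent must be, or be issued by, a trusted root.
    last_subject, last_issuer = chain[-1]
    if last_subject in trusted_roots or last_issuer in trusted_roots:
        return "complete"
    return "incomplete"


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, check_chain(text, {ROOT}))
```

A chain that a browser accepts can still be reported as "incomplete" here, because browsers may have the intermediate cached while other clients only have the root.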
