Allow WebUI to use self-signed certs generated by external CA

[Fmstrat]

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

• I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
• I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

Is your feature request related to a problem? Please describe.

I have an enterprise CA set up that is not managed within OpnSense. From that CA, I generated a cert to be used for the web portal within OpnSense. When importing the cert, there is no way to set it to a "server" certificate unless the CA cert and private key have previously been imported.

This is a security issue in a least-privileged access infrastructure, as OpnSense, as an ingress, has no need to be given access to the CA private key.

Describe the solution you like

I should be able to import a certificate, and set it to "server", without requiring a CA to exist in OpnSense.

[fichtner]

The server property of the certificate has to be embedded into the certificate during generation or by the CA. Adding a CA and a private key for that CA and "setting" the server property simply allows you to reissue the certificate correctly and you could even delete the CA private key afterwards.

But my advice would be to generate a correct certificate in the first place.

Cheers,
Franco

[OPNsense-bot]

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository,
please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue,
just let us know, so we can reopen the issue and assign an owner to it.