mrmarkuz
(Markus Neuberger)
December 17, 2024, 10:30pm
9
Thanks for clarifying.
The following is used to get the subject:
```
openssl x509 -noout -subject -in yourcertificate.crt -nameopt sep_multiline -nameopt utf8
```
Then the domain is extracted out of the subject.
I checked a certificate from CyberGhost and the CN was just a bunch of letters instead of a domain. As far as I can see it’s just used for the Redis key name, so as long as it’s not empty it shouldn’t matter.
```python
# read the common name from the certificate
result = subprocess.run(
    ['openssl', 'x509', '-noout', '-subject', '-in', '/dev/stdin', '-nameopt', 'sep_multiline', '-nameopt', 'utf8'],
    input=cert,
    capture_output=True,
    text=True
)
subject = result.stdout
domain = {'main': subject.split("\n")[1].split("CN=")[1]}

# save the certificate and key in redis
rdb = agent.redis_connect(privileged=True)
rkey = f'module/{module_id}/certificate/{domain["main"]}'
rdb.hset(rkey, mapping={"cert": data["certFile"], "key": data["keyFile"], "custom": "true"})

# signal the certificate-updated event
event_key = f'module/{module_id}/event/certificate-updated'
event = {"rkey": rkey, "node": node_id, "module": module_id, "domain": domain, "custom": True}
rdb.publish(event_key, json.dumps(event))
```
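A more defensive way to derive the key name from the same `openssl` output, as an added example that is not the project's code quoted in the post: it scans every subject line for `CN` rather than only the first one, and falls back to a fingerprint-based name when the CN is missing or contains characters that do not belong in a key path. The function names, the allowed-character set, the fallback scheme and the sample subjects are assumptions made for illustration.

```python
import hashlib
import re

# Constructed samples of the `openssl x509 -noout -subject -nameopt sep_multiline`
# output (assumed layout: a "subject=" line, then one indented attribute per line).
SUBJECT_CN_ONLY = "subject=\n    CN=vpn.example.org\n"
SUBJECT_CN_LAST = "subject=\n    C=RO\n    O=Example VPN\n    CN=a1b2c3d4e5\n"
SUBJECT_NO_CN = "subject=\n    C=RO\n    O=Example VPN\n"

_CN_LINE = re.compile(r"^\s*CN\s*=\s*(.+?)\s*$")
# Characters accepted in the key name (an assumption of this example).
_SAFE = re.compile(r"[A-Za-z0-9*._-]+")


def common_name(subject_text):
    """Return the first CN attribute found on any subject line, or None."""
    for line in subject_text.splitlines():
        match = _CN_LINE.match(line)
        if match:
            return match.group(1)
    return None


def certificate_name(subject_text, cert_pem):
    """Name used in the Redis key: the CN when usable, else a fingerprint."""
    cn = common_name(subject_text)
    if cn and _SAFE.fullmatch(cn):
        return cn
    # Hypothetical fallback, not the project's behaviour: hash of the PEM text.
    digest = hashlib.sha256(cert_pem.encode()).hexdigest()
    return f"sha256-{digest[:16]}"


def certificate_rkey(module_id, subject_text, cert_pem):
    """Build the key in the same layout as the quoted snippet."""
    name = certificate_name(subject_text, cert_pem)
    return f"module/{module_id}/certificate/{name}"
```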