Wildcard certificate validation in NS8

NethServer Version: NS8 core 3.6.0

Hi all,

Thanks for the great work on NS8. I am building out an NS8 cluster to migrate from NS7 and am having issues uploading my wildcard SSL cert.

On NS7 it was required to upload a certificate, private key and certificate chain file. I have a wildcard cert for *.forpgd.com which is uploaded and currently working on my NS7 install.

I have installed NS8 on Rocky Linux 9.5 and I want to upload the same certificate to the new cluster to then start migrating the apps/data across.

On NS8, when I go to Settings->TLS Certificates and upload, I am asked for a private key and then a cert file, and there is a note on the cert section saying ‘Chain of certificates must be in the same file.’

I have tried to upload the key and certificate files and I get a validation error:
Error:
CN=*.forpgd.com
error 20 at 0 depth lookup: unable to get local issuer certificate
error uploaded_cert: verification failed

If I try something different and copy and paste the cert file and chain into 1 file then I get a ‘key did not generate cert’ error.

My question is what is the required format of the CRT/chain file as I would need to put them in one file as they are separate when required from the certificate issuer? I have checked the documentation but could not find anything.

DNS is set up correctly as it is already in place for NS7.

If you need any more information or log output please let me know.

Regards,
Patrick

Hi @Patrick_Dunn

And welcome to the NethServer community…

AFAIK, you need a freshly installed NS8 without any Apps installed to migrate from NS7 (And I have migrated more than 10 NS7 for clients…). So my main question is: What are you building out, and why certs BEFORE the migration?

Maybe this is just a “Read The Fine Manual” issue… 🙂

https://docs.nethserver.org/projects/ns8/en/latest/migration.html

My 2 cents
Andy

Hi Andy,

Thanks for your reply, you make a good point. I do not have any apps installed, all I did was a fresh NS8 install then enabled nethforge repository and the next step was going to be the certs before I did the migration.

Why certs prior to migration? As the migration does not handle cert import it just made logical sense to me to have them in place first. If it is recommended to migrate first then upload the cert then I can try that I guess?

As for what I am building, NS8 with Nextcloud, Mattermost, SOGo, mail and Collabora migrated from NS7.

I can give it a go but not sure how or if that will change my cert upload issue.

Maybe you put it together in a wrong order, see also “https - how is an SSL certificate chain bundle arranged?” (Stack Overflow) or “apache - SSL - how to properly create the chained CRT file?” (Stack Overflow).

1 Like

My bad - I was rushing and did not copy and paste correctly when I made the initial chain file. It always pays to double check!

I have created it again with the correct details and the cert has uploaded successfully.

I’ll try the migration shortly.

Thanks @Andy_Wismer and @mrmarkuz for your prompt help! This one can be closed.

3 Likes
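The two errors in this thread can be reproduced locally before uploading a bundle. The script below is an added example, not part of the thread and not NS8's own validation code: it builds a throwaway root, intermediate and leaf certificate with `openssl` (all file names and subjects are constructed for the demo), then checks each candidate file the way a chain upload typically is checked, namely that the private key matches the first certificate in the file and that this certificate verifies through the remaining ones.

```bash
#!/usr/bin/env bash
# Added example: throwaway demo PKI; every file name here is an assumption.

# Create root -> intermediate -> leaf certificates and keys in directory $1.
make_demo_pki() (
  cd "$1" || exit 1
  exec >/dev/null 2>&1
  printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
  for n in root int leaf; do
    openssl req -newkey rsa:2048 -nodes -keyout "$n.key" -out "$n.csr" \
      -subj "/CN=$n.example.test" || exit 1
  done
  openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
    -out root.crt -days 2 || exit 1
  openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -CAcreateserial \
    -extfile ca.ext -out int.crt -days 2 || exit 1
  openssl x509 -req -in leaf.csr -CA int.crt -CAkey int.key -CAcreateserial \
    -out leaf.crt -days 2
)

# True when private key $1 belongs to the FIRST certificate in PEM file $2.
key_matches_first_cert() (
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || exit 2
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || exit 2
  [ -n "$k" ] && [ "$k" = "$c" ]
)

# True when the first certificate in bundle $2 chains to root $1, using the
# other certificates in the same bundle as untrusted intermediates.
chain_verifies() {
  openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d) || return 1
  make_demo_pki "$d" || return 1
  cat "$d/leaf.crt" "$d/int.crt" > "$d/fullchain.pem"  # leaf first: correct
  cat "$d/int.crt" "$d/leaf.crt" > "$d/reversed.pem"   # issuer first: wrong
  for f in leaf.crt fullchain.pem reversed.pem; do
    key_matches_first_cert "$d/leaf.key" "$d/$f" && k=ok || k=MISMATCH
    chain_verifies "$d/root.crt" "$d/$f" && c=ok || c=FAIL
    echo "$f: key=$k chain=$c"
  done
  rm -rf "$d"
}
demo
```

The leaf on its own fails chain verification (the "unable to get local issuer certificate" case), while the reversed bundle fails the key check because the first certificate in the file is the intermediate, not the one the key was issued for.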