Intermediate certificate

cookiedelu
Newbie
Posts: 2
Joined: December 10th, 2011, 1:29 pm

Intermediate certificate

Post by cookiedelu »

Hi,

I've read an old topic mentioning the usage of intermediate certificates.
I've not found any other information.
Is it supported and how can we use it?

Thanks
shypike
Administrator
Posts: 19774
Joined: January 18th, 2008, 12:49 pm

Re: Intermediate certificate

Post by shypike »

It's not supported.
cookiedelu
Newbie
Posts: 2
Joined: December 10th, 2011, 1:29 pm

Re: Intermediate certificate

Post by cookiedelu »

Hi,

Can the team think about making it supported?
I guess a lot of people like me have an opportunity to use one provided by their DNS for free or at a cheap cost.
It would be really appreciated.
hrast
Newbie
Posts: 7
Joined: November 9th, 2011, 3:45 pm

Re: Intermediate certificate

Post by hrast »

I did something similar, where I created a server certificate for use with sabnzbd and FreeNAS. I have an existing OpenVPN install, so I used the CA created for that to sign a cert, imported the OpenVPN CA as trusted into my web browsers to stop errors from popping up. It wasn't terribly complicated, but I'm not sure I'd recommend it to someone who isn't familiar with SSL.
Jonfen
Newbie
Posts: 3
Joined: January 23rd, 2012, 10:39 am

Re: Intermediate certificate

Post by Jonfen »

It works for me.

I don't know if something was updated to make this work since this thread was started but it works if you place the CA and intermediate certs in the same file.

Create a new file and paste the two certs after each other like this:

-----BEGIN CERTIFICATE-----
The CA certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
The Intermediate certificate
-----END CERTIFICATE-----
shypike
Administrator
Posts: 19774
Joined: January 18th, 2008, 12:49 pm

Re: Intermediate certificate

Post by shypike »

If someone can explain how any support for this can be implemented in SABnzbd, I would welcome it.
As it is now, I have no idea how this "intermediate" CA stuff is supposed to work
and frankly I don't have the time to study the matter.
Jonfen
Newbie
Posts: 3
Joined: January 23rd, 2012, 10:39 am

Re: Intermediate certificate

Post by Jonfen »

I don't know if this might help.

When you have a chained certificate you have three files instead of two: key, CA certificate and the intermediate certificate.

The CherryPy class pyOpenSSLAdapter can take a third argument, certificate_chain. That is the intermediate certificate.
http://docs.cherrypy.org/stable/refman/ ... enssl.html

Edit: I noticed that my first post about putting the certs in the same file isn't true. Firefox wants it to be chained correctly as described in this post. Chrome and IE don't seem to care about the intermediate certificate (that's why I thought it worked).
shypike
Administrator
Posts: 19774
Joined: January 18th, 2008, 12:49 pm

Re: Intermediate certificate

Post by shypike »

Is there any way to avoid adding a CA to the browser(s)?
Is this something that can be "fixed" on the server (SABnzbd) side only?
Jonfen
Newbie
Posts: 3
Joined: January 23rd, 2012, 10:39 am

Re: Intermediate certificate

Post by Jonfen »

If I understand your question correctly, the answer is that it depends on the certificate. The certificate must be issued by a company like Comodo, Verisign or Thawte etc., who verify that the domain belongs to you. (I bought mine cheap from Alpha SSL)

I don't know how sabnzbd loads the certificates today but I assumed it was with that cherrypy library I mentioned in my previous post. In any case, single-file certificates should work well already.

For chained certificates to work we must be able to specify one more file in the sabnzbd HTTPS settings (the intermediate certificate). Then sabnzbd could use pyOpenSSL to load key+cert if intermediate isn't specified or else to load all three files. If the certificate is good, nothing will have to be added to the browser and you will get the nice green padlock. :)

A self-signed certificate that is created with openssl on the server will always give certificate warnings and it needs to be added to the browser to get rid of those warnings.