Hi Federico,
Thank you so much for fast response. I appreciate it! So, let me explain what I want to achieve: 1. I want my public openwisp server was available on valid SSL certificate. I have a practice to buy it from Comodo or SSLS rather then using self signed. 2. As per your comment, “CAS & CERTIFICATES” tool is aimed to generate certificates. And yes, it works well. For this I’m choosing “Create new” option in “Operation type”. It works well for CA and certificate. 3. More then this, I was able to add certificate (as per instruction) for starting OpenVPN server. On this case I’m using “Import existing” option in “Operation type”. It did the job perfect as well. But it is self signed and is ok for VPN. 4. However, when I’m trying to apply CA bundle and certificate which I’m getting from SSLS or Comodo, I’m getting the error I highlited in my first message. Are you using OpenWISP or the django-x509 module on its own? I’m using the OpenWISP UI tool. I don’t touch Django tools. Just trying to follow that simple and straight forward (as I think it is) procedure I found in UI. What is your goal in adding these CA and certs in this system? The goal is to have a valid certificate for HTTPS. Like any other web site running on HTTPS. Maybe I miss something. I tried to find documentation guide for that, I found this: https://github.com/openwisp/ansible-openwisp2?tab=readme-ov-file#ssl-certificate-gotchas As I understood default paths are /opt/openwisp2/ssl/[server.crt,server.key] So finally I replaced these files with my certificate and it works now. The confusion point is the way of adding certificate. My misunderstanding was that it also works fro the admin portal. But it is not. I thought it is the same as in other controllers I’m working with as well On Wednesday, February 7, 2024 at 12:31:38 PM UTC+2 f.capoano wrote: > I am not sure why you're getting this error. > > I am also not sure of what you're trying to do: this tool is meant for > generating certificates automatically, so if you don't have the private key > of the CA (in this case the Comodo CA), you cannot generate certificates > with it, so I don't see the point in adding it these to the x509 system of > OpenWISP, nor in investigating further. But maybe I am missing an important > piece of the puzzle. > > Could you explain what you're trying to do so that we can try to give > useful suggestions? > Are you using OpenWISP or the django-x509 module on its own? > What is your goal in adding these CA and certs in this system? > > Best regards > Federico Capoano > > On Wed, 7 Feb 2024 at 10:19, Andrei Vaganov <guento...@gmail.com> wrote: > >> Hi Guys, >> >> I'm truing to apply SSL from ssls.com or Comodo. >> While appling CA certificate or bundle all is fine, it is accepted. >> However when I'm trying to add certificate itself pointin to the >> installed CA , I'm getting this error: >> >> CA doesn't match, got the following error from pyOpenSSL: "unable to get >> local issuer certificate" >> >> Any idea? >> Looking forward for some help. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "OpenWISP" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to openwisp+u...@googlegroups.com. >> To view this discussion on the web, visit >> https://groups.google.com/d/msgid/openwisp/f0e34572-d3df-4b4a-9507-8cdd93d2cb3fn%40googlegroups.com >> >> <https://groups.google.com/d/msgid/openwisp/f0e34572-d3df-4b4a-9507-8cdd93d2cb3fn%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "OpenWISP" group. To unsubscribe from this group and stop receiving emails from it, send an email to openwisp+unsubscr...@googlegroups.com. To view this discussion on the web, visit https://groups.google.com/d/msgid/openwisp/0f82a170-01cf-42e9-b59e-bf69bc02e732n%40googlegroups.com.
