Replies: 1 comment 1 reply
-
|
They look ok to me, and they are properly working on the TrueNAS. I'm not familiar with Win-ACME, but looking at the docs it seems that you need to properly define |
Beta Was this translation helpful? Give feedback.
-
|
OK great and thank you! In the past, the default settings also worked well with win-ACME. I had installed the root CA in the trust store and it was renewing as expected. (I was using the baseuri modifier as well as the verbose one to verify all was well.) However, ever since I modified the claims in the JSON file, the win-ACME client can pull and install the certificate as before but two things don't happen: 1) the NUC does not use the certificate from the tinyCA. Instead, it uses a self-generated one. 2) The auto-renewal process is 55 days instead of a day as it should be. I'll head over to Wouter and ask him. Thank you again for looking over the JSON file. |
Beta Was this translation helpful? Give feedback.
-
Good morning,
I wonder if I have modified the /etc/step-ca/config/ca.json file correctly to enable longer default certificate life times? Below is the relevant JSON section for ACME where I added the relevant claims.
{ "type": "ACME", "name": "acme" "claims": { "minTLSCertDuration": "5m", "maxTLSCertDuration": "96h", "defaultTLSCertDuration": "48h", "disableRenewal": false } }My TrueNAS is picking up these 2-day certificates without a problem.
My win-acme client on a different machine succeeds pulling certificate but doesn't end up using them properly as in the past. For whatever reason, the trust store creates and defaults to a internal self-signed certificate instead. Additionally, Win-ACME also thinks the certificate only needs a renewal every 55 days. Before asking Wouter for help with Win-ACME, I would like to verify that I got the JSON part of the file correct.
Thank you all for your help in the past and for an amazing product. Constantin
Beta Was this translation helpful? Give feedback.
All reactions