[bug] ntopng - Broken SSL, inaccessible web with own cert from pfSense
-
I've installed a newest/freshest pfSense yesterday: 2.4.4_2. Today I've installed ntopng 0.8.13_3. The package ntopng took the certificate from the pfSense, which is a self-signed, from my own intermediate CA, from my own root CA.
Now, the ntopng created the .pem file:
/usr/local/share/ntopng/httpdocs/ssl/ntopng-cert.pemThis ntopng-cert.pem does NOT contain the intermediate+root .cer public keys from the pfSense, only the server's public/private key => the final resulting certificate is invalid.
It's also not possible to connect via http (without SSL), as the /usr/local/etc/rc.d/ntopng.sh script has configured the "-w 0".
So, after a fresh install, without doing anything special, the package is just broken.
I've tried quite hard to fix this - but the ntopng-cert.pem gets rewritten always after the restart (?), so it just replaces my own fixed .pem (with the intermediate/root certs inside).
Like this, Chrome just tells me:
NET::ERR_CERT_AUTHORITY_INVALIDAnd when I inspect the cert in Chrome, I see this:
The issuer of this certificate could not be found.Anybody ;-)? Thank you!
-
UPD:
Context:
- The package manifest: /usr/local/pkg/ntopng.xml uses:
- Config: /usr/local/pkg/ntopng.xml which includes:
- Include: /usr/local/pkg/ntopng.inc which includes:
- Include: /etc/inc/certs.inc which holds the cert-functions
The cert-functions are then used like this:
$cert = lookup_cert($config['system']['webgui']['ssl-certref']); ntopng_write_cert_file("/usr/local/share/ntopng/httpdocs/ssl/ntopng-cert.pem", $cert);Which is the problem I guess, as the ['ssl-certref'] is used alone, without any dependent intermediate certs.