CSR issues on 2.3

awebster

Thanks for the update.

Confirmed #5 (country code) is working properly.

I think for issue #1 that the problem is that the variable(s) that contain the certificate start/end dates are not cleared before processing the entry consequently are showing the same values as seen in the webConfigurator default self-signed certificate.

I'll wait until #2,3,4 are addressed because the cert manager it is pretty much unusable in its current state.

Steve_B

The other items were determined to be suspect in 2.2.x so we just updated 2.3 (largely) per your suggestions.

Thanks

jimp

1 - Steve_B added some code to hide the date for CSRs, it wasn't present it was re-using values from previous certificate entries
2 - Icons reorderd and changed - the first icon is now a pencil, which should more clearly indicate that it's an edit function
3 - Export options changed for CSR to export the request data instead, .p12 option hidden since it's irrelevant
4 - That's handled via the edit function (See #2)
5 - I confirmed country selection is working again now after Steve_B's last fixes

Still some room for formatting improvement but it's better now.

@awebster:

the cert manager it is pretty much unusable in its current state.

That's not true – you could always edit the data and copy/paste out the req -- just had to click the proper icon to get to that screen. There was no actual functional problem preventing its use among the listed items. CSRs are not frequently used in pfSense so there are likely to be more bugs along that path, working with internal certificates is the most common path and that has been working well.

awebster

Thanks for the update.
I will give that a try.

In 20151202 snapshot, there was no way to view the CSR, so I'm looking forward to the fixes.
My utilisation scenario is a centralized CA issuing certificates to VPN endpoints. 
I could always do a manual openssl key gen/csr/import, but would rather use the GUI, particularly if having remote users fill the fields in and send the resulting CSR for signature.

awebster

Its looking much better!
Pencil icon is clear and concise as to its purpose.
Export icon now works as expected.

However, these issues remain:

• Pasting certificate data into Final Certificate Data text box and clicking Update just reloads the page and the Final Certificate Data text box is empty.

• Cosmetic: adjust the default width of the Signing request data and Final Certificate Data text boxes to not wrap the text.  See screen cap.

Steve_B

Thanks. I have a fix for these and will push it out as soon as a local networking issue is resolved.

awebster

Update on the update…

Text boxes look good now!

But not out of the woods yet...
Pasting the Final Certificate Data and clicking update gives an error:  "The field Descriptive name is required", and can't continue.
See screenshot.

Steve_B

I wondered about that but was unable to compare the behavior to 2.2.5 yesterday. Investigating now.

Steve_B

The descriptive name field was missing from the CSR completion form. Should be fixed now.

awebster

Thanks, it works!

Would be nice to retain the pencil icon for easy access to certificate contents for cutting/pasting when moving it from one box to another.