6

TrueNAS says that the "freenas_default" certificate has expired.

Apparently due to this expiration, I am unable to do some things with the network, including updating software. There is precious little help that I can find, and I've yet to run across any article that attempts to solve the problem. A search for Certificates in the manual did not reveal a way to circumvent this problem.

I ran freenas for years (versions 9, 11) without issue. Now, three months after installing TrueNAS I have this problem.

Looking in the GUI for TrueNAS, there is a Certificates section. Exactly one certificate is listed:

freenas_default
external
/C=US/O=iXsystems/CN=lo
Valid 2020-04-15 to 2022-07-19

There is an option to Add a certificate, which presents a form with a lot of questions, some of which I am not sure how to answer. The options available for the existing certificate are: View, Export Certificate, Export Private Key, Delete. I'd hoped to see RENEW there but alas.

What should I try in order to get past this?

Update: When trying to create a new certificate as suggested by @Ramhound in the comments, I am unable to satisfy the Signing Certificate Authority requirement. See images.

Empty Dropdown list

Result of selecting -- item from dropdown

Dennis
  • 225

1 Answers1

13

I had the same condition on my TrueNAS 12.0 setup. What I did to fix it is a simple three step process.

First, you create your own internal CA. System > CAs > Add. Just give it a name, mark it as type Internal, complete the required lines of the Certificate Subject like with any other self-signed cert. Then submit.

This allows you to complete step two. System > Certificates. This part is almost identical to step one, except that now you have "Signing Certificate Authority" you can choose when you make the new certificate here. Once you submit, then you have to tell TrueNAS which cert to use for HTTPS.

Go to System > General and very first option is "GUI SSL Certificate". Select your newly created cert. It will ask if you want to restart the web service (yes). Then repoint your browser, accept the self signed cert and you are good to go.

Hope it helps!

Joseph E.
  • 139