2016-11-15 08:15 PM
We are trying to use client signed SSL certificates for the DFM administration page (OnCommane Core Package 5.2.1). I've set up ssl with the "dfm ssl server setup" command and then generated a request to be signed by the client. Once signed, I installed it with the "dfm ssl server import <filename>" command which was successful. After restarting the http service, I can access the web GUI but the certificate is not trusted. I believe this has something to do with the fact the signed certificate contains a "trust chain" which is not being picked up. The file I imported contains the DFM certificate first, then 2 certificate issuers (intermediate and root). If I import the same file but in the opposite direction (root first DFM last), the hhtp service fails to start. My question is, does DFM not support trust chains or is there an undocumented way of getting this to work? The basic error I get in Firefox is that the certificate is not trusted because the issuer certificate is unknown.