Certificate fails to upload if CA bundle doesn't end with empty new line #110

Open
aureq opened this issue Dec 30, 2024 · 0 comments · May be fixed by #111

aureq commented Dec 30, 2024

The certificate will be rejected by the FRITZ!Box if the concatenation of the fullchain and the private key isn't as expected.

The FRITZ!Box returns the following HTML indicating it is confused.

<!DOCTYPE html>
<html>
<head>
<meta http-equiv=content-type content="text/html; charset=utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="format-detection" content="telephone=no" />
<meta http-equiv="x-rim-auto-match" content="none" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no, minimal-ui" />
<meta name="mobile-web-app-capable" content="yes" />
<meta name="apple-mobile-web-app-capable" content="yes" />
<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
<meta http-equiv="cleartype" content="on">
<link rel="icon" href="/favicon.ico" size="16x16"/>
<link rel="icon" href="/icon.svg" type="image/svg+xml"/>
<link rel="icon" href="/icon.png" type="image/png"/>
<link rel="apple-touch-icon" href="/apple-touch-icon.png" />
<link rel="apple-touch-startup-image" href="/apple-touch-icon.png" />
<link rel="stylesheet" type="text/css" href="/css/rd/singleside_old.css"/>
<title>FRITZ!Box</title>


</head>
<body>
<div id="main_page_all">
<header class="" name="" id="blueBarBox">
<div class="logoBox" name="" id=""></div>
<div class="blue_bar_titel" name="" id="blueBarTitel">FRITZ!Box</div>
<div class="logoBox fake" name="" id=""></div>
</header>
<div id="page_content_no_menu_box">


<div class="blue_bar_back">
  <h2>FRITZ!Box</h2>
</div>

<div id="page_content" class="page_content">

  <form method="POST" name="mainform" action="/index.lua">
    <p>
      Could not import the SSL certificate. The certificate may be invalid. Please select a valid certificate and try again.
      <br>
    </p>

    <input type="hidden" name="sid" value="d48a80644cf18f09">
    <input type="hidden" id="uiLP" name="lp"  value="remoteHttps">
  </form>

</div>
  <script type="module">
      import postUpload from "/js/post_upload.js";

      postUpload.redirect(5000);
  </script>


<div class="clear_float"></div>

</div>
</div>
</div>

</body>
</html>

After debugging, if the provided full chain doesn't end with an empty line (\n), the concatenation of the 2 files (--fullchain and --key) will result in an incorrect separation of the CA and the private key.

-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE----------BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----

aureq added a commit to aureq/fritz-tls that referenced this issue Dec 30, 2024
private key. If either file doesn't end with an empty new line, then
one is added

🐛 fixes tisba#110
@aureq aureq linked a pull request Dec 30, 2024 that will close this issue
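
The failure reported above, reproduced as an added example that is not part of the issue or of the fritz-tls code base: joining a chain that lacks a trailing newline fuses the END and BEGIN markers, and Go's `encoding/pem` then decodes no block at all. The helper names `joinPEM`, `blockTypes` and `validBundle` are hypothetical, and the PEM bodies are constructed placeholders.

```go
package main

import (
	"bytes"
	"encoding/pem"
	"fmt"
	"strings"
)

// joinPEM concatenates PEM inputs, appending a newline to any non-empty part
// that lacks one so an END marker never shares a line with the next BEGIN.
func joinPEM(parts ...[]byte) []byte {
	var out bytes.Buffer
	for _, p := range parts {
		out.Write(p)
		if len(p) > 0 && !bytes.HasSuffix(p, []byte("\n")) {
			out.WriteByte('\n')
		}
	}
	return out.Bytes()
}

// blockTypes returns the type of each PEM block that decodes cleanly, plus
// any non-whitespace bytes the decoder could not consume.
func blockTypes(data []byte) (types []string, rest []byte) {
	for {
		block, remaining := pem.Decode(data)
		if block == nil {
			return types, bytes.TrimSpace(remaining)
		}
		types = append(types, block.Type)
		data = remaining
	}
}

// validBundle checks PEM framing only (not X.509 validity): certificate
// block(s) first, one private key last, nothing left undecoded.
func validBundle(data []byte) bool {
	types, rest := blockTypes(data)
	return len(rest) == 0 && len(types) >= 2 && types[0] == "CERTIFICATE" &&
		strings.HasSuffix(types[len(types)-1], "PRIVATE KEY")
}

func main() {
	// Constructed placeholders, not real key material; the chain lacks a final newline.
	chain := []byte("-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----")
	key := []byte("-----BEGIN RSA PRIVATE KEY-----\nBBBB\n-----END RSA PRIVATE KEY-----\n")
	fmt.Println("naive concat valid:", validBundle(append(append([]byte{}, chain...), key...)))
	fmt.Println("joinPEM valid:     ", validBundle(joinPEM(chain, key)))
}
```

Running the framing check locally before the upload turns the device's generic "Could not import the SSL certificate" page into a specific client-side error.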