Im caught in the GUI Certificate tar pit.
I have two machines, both running core and up to date (13.0 U6). Both need the GUI certificate refreshed. One machine, a MiniXL performed as advertised once I realized what profile did and how to deal with common name and alternate name.
These are home systems so dot-local domain is used eg peabody and peabody.local for the MiniX and sherman and sherman.local for the homebrew.
And RSA certificate profile. Submit becomes operable, click it, and Peabody runs to completion in about a second but sherman (the homebrew) task status is waiting (for cows to come home). The task never launches so no error code in Task Status window.
I’ve tried ARC and Safari browsers and private windows to no joy on Sherman.
There is some uncertainty about the importance of the GUI certificate. Some say no harm, no foul. One poster has said that updates may fail without it.
This thing seems to be a continuing source of pain. Sadly, I’m not a sysadmin, just a dumb recovering modeling and simulation user (retired puke) who did his own admin for too many years.
The Guide tutorial is excellent almost. I think it needs some words about how to deal with common name and alternate name in a .local MDNS environment. UniFi networking here and UI controller is handing out the IPs with these two pegged based on port connection. The addresses resolve and I can browse to them by their names peabody.local and sherman.local.
When a form is validating fields, the validation criteria should be mentioned. Virginia is not the expected VA. Oh, and how would this work in say, Germany?
Common name and alternate name seem poorly chosen and these fields are not well explained. Is there validation? Must they be resolvable? Is MDNS enabled as a resolver source? What do you do if there is no registered domain? I have one but it belongs to WordPress. I can’t finagle DNS records there.
I really think you need to add some mechanism to regenerate the installation certificates since that process works and has a correct and consistent set of fake data. If somebody really wants bespoke certificates they can deal with the pain but home/soho users and Geek Squad shouldn’t have to wrestle this bear.