Help creating new HTTPS certificate

TrueNAS General
1

I am trying to configure HTTPS on several of my apps (namely Jellyfin, Immich, and VaultWarden). As such I have tried to create a new certificate as per Managing Certificates | TrueNAS Documentation Hub but the UI seems to have changed since these docs were written. I am missing the Certificate Authorities widget and the Certificates widget only has “Import” rather than the Add Certificates wizard that is mentioned in the guide. I tried creating the certificates on my main machine and importing them but when I tried to connect to the site it gave me a Network error.

Using truenas_default allows me to use bitwarden on my desktop but not on my phone. My TrueNAS version is 25.10.1 - Goldeneye

Thanks in advance!

Edit: I was following this guide to generate the cert

Missing CA
Missing CA1915×920 56.6 KB

1 Like
2

Try changing the Docs to the 25.10 version. There is a blue Feedback button on the right side of the docs webpage where you can submit change suggestions, etc.

3

Ok so they got rid of the ability to generate new certs then.. Great. I tried following this guide on the Bitwarden forums and importing it via the certificates import but it causes a network error when I try to use it (as per my original post).

4

I have figured it out. You need to import a Certificate Authority to each device when using self-signed cert. So the full process looks like:

  1. Generate a new Certificate Authority.
    This will be what you install on your devices.
    openssl genrsa -out server_rootCA.key 2048
openssl req -x509 -new -nodes -key server_rootCA.key -sha256 -days 3650 -out server_rootCA.pem
openssl x509 -in server_rootCA.pem -inform PEM -out server_rootCA.crt
  2. Generate a new key (Note: For CN use your server’s IP address or domain name)
    openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key
  3. Generate a new certificate
    a. Create a file called v3.ext with the following:
    authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
IP = <your ip here>
    b. Run:
    openssl x509 -req -in server.csr -CA server_rootCA.pem -CAkey server_rootCA.key -CAcreateserial -out server.crt -days 3650 -sha256 -extfile v3.ext
  4. Upload the new Certificate Authority and Certificate to TrueNAS via Credentials > Certificates > Certificates > Import
  5. Select the certificate when configuring your app.
  6. On each of your clients, import either server_rootCA.pem or server_rootCA.crt