How to use Certificates from swan.conf in strongMan ?

[Spider84]

Hello!

I use Let's Encrypt certificate that has only 3 month life cycle. In strongMan GUI no way to update certificate. In Issue suggested to use directly added certificate to swan.conf. BUT HOW? How select this certificate added in swan.conf in connection from Web UI?

[tobiasbrunner]

Yeah, I guess that doesn't really work. You'd have to be able to configure the identity without selecting a certificate, but that's apparently not possible at the moment. So if you really want to use strongMan, you'd have to update the database I suppose.

[Spider84]

can you show example how to update certificate data in database? What and where need to be updated?

UPDATE certificates_certificate SET
der_container = '<WHAT?>',
public_key_hash = 'H:E:X.....',
serial_number = <serial>,
valid_not_after = 'date',
valid_not_before = 'date'
WHERE id = <id>

and save for certificates_privatekey

what is der_container ?

[tobiasbrunner]

what is der_container ?

The DER (i.e. binary) encoding of the certificate.

By the way, what's your reason for using strongMan? Because it seems doing this via swanctl.conf would be easier.

[Spider84]

I need Web UI to manage user list. Our "administrator" is to stupid to edit configs...

[tobiasbrunner]

OK, since the users (EAP secrets) are independent of the configs, you could just manage those via strongMan and use a swanctl.conf-based config with EAP authentication for the connection.

[Spider84]

Hmm... I will try. But in this case, we will lose online status indication...