{"id":1680,"date":"2023-04-25T14:58:32","date_gmt":"2023-04-25T12:58:32","guid":{"rendered":"https:\/\/alessandromasciadri.com\/?p=1680"},"modified":"2023-04-25T15:06:59","modified_gmt":"2023-04-25T13:06:59","slug":"come-risolvere-il-subjectkeyidentifier-extension-error-su-truenas","status":"publish","type":"post","link":"https:\/\/alessandromasciadri.com\/come-risolvere-il-subjectkeyidentifier-extension-error-su-truenas\/","title":{"rendered":"Come risolvere il SubjectKeyIdentifier extension error su TrueNAS"},"content":{"rendered":"\t\t<div data-akihiro-type=\"ama-post\" data-akihiro-id=\"1680\" class=\"akihiro akihiro-1680\" data-akihiro-post-type=\"post\">\n\t\t\t\t<div class=\"akihiro-element akihiro-element-232e03d e-flex e-con-boxed e-con e-parent\" data-id=\"232e03d\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"akihiro-element akihiro-element-7639b7e akihiro-widget akihiro-widget-text-editor\" data-id=\"7639b7e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Dopo aver importato la configurazione della CA e del certificato di OpenVPN (come indicato in <a href=\"https:\/\/www.truenas.com\/community\/resources\/truenas-and-openvpn-client-configuration.158\/\">questa guida<\/a>) su TrueNAS, se ci si imbatte nell&#8217;errore <code>Client certificate must have SubjectKeyIdentifier extension set<\/code>, seguiamo questi passaggi per risolvere il problema.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-d81340e akihiro-widget akihiro-widget-heading\" data-id=\"d81340e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t<h2 class=\"akihiro-heading-title akihiro-size-default\">Soluzione<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-666bc36 akihiro-widget akihiro-widget-text-editor\" data-id=\"666bc36\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Come prima cosa colleghiamoci in SSH alla nostra istanza TrueNAS. Eseguiamo una copia di backup di questo file<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-b8b01c5 akihiro-widget akihiro-widget-code-highlight\" data-id=\"b8b01c5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-okaidia copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-bash \">\n\t\t\t\t<code readonly=\"true\" class=\"language-bash\">\n\t\t\t\t\t<xmp>cp \/usr\/local\/lib\/python3.9\/site-packages\/middlewared\/plugins\/vpn.py vpn_backup.py<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-f7e6e82 akihiro-widget akihiro-widget-text-editor\" data-id=\"f7e6e82\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Ora apriamo con il nostro editor preferito il file<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-e245f7e akihiro-widget akihiro-widget-code-highlight\" data-id=\"e245f7e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-okaidia copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-bash \">\n\t\t\t\t<code readonly=\"true\" class=\"language-bash\">\n\t\t\t\t\t<xmp>vi \/usr\/local\/lib\/python3.9\/site-packages\/middlewared\/plugins\/vpn.py<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-393264e akihiro-widget akihiro-widget-text-editor\" data-id=\"393264e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Cerchiamo questa porzione di codice<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-e711565 akihiro-widget akihiro-widget-code-highlight\" data-id=\"e711565\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-okaidia copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-python \">\n\t\t\t\t<code readonly=\"true\" class=\"language-python\">\n\t\t\t\t\t<xmp>extensions = cert['extensions']\nfor ext in ('KeyUsage', 'SubjectKeyIdentifier', 'ExtendedKeyUsage'):\n    if not extensions.get(ext):\n        verrors.add(\n            f'{schema}.{mode}_certificate',\n            f'{mode.capitalize()} certificate must have {ext} extension set.'\n        )<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-67b59f9 akihiro-widget akihiro-widget-text-editor\" data-id=\"67b59f9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\trimuoviamo la voce\u00a0<code>SubjectKeyIdentifier<\/code> in modo tale che il codice risultante sia il seguente\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-95af066 akihiro-widget akihiro-widget-code-highlight\" data-id=\"95af066\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"code-highlight.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t<div class=\"prismjs-okaidia copy-to-clipboard \">\n\t\t\t<pre data-line=\"\" class=\"highlight-height language-python \">\n\t\t\t\t<code readonly=\"true\" class=\"language-python\">\n\t\t\t\t\t<xmp>extensions = cert['extensions']\nfor ext in ('KeyUsage', 'ExtendedKeyUsage'):\n    if not extensions.get(ext):\n        verrors.add(\n            f'{schema}.{mode}_certificate',\n            f'{mode.capitalize()} certificate must have {ext} extension set.'\n        )<\/xmp>\n\t\t\t\t<\/code>\n\t\t\t<\/pre>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"akihiro-element akihiro-element-3cffc97 akihiro-widget akihiro-widget-text-editor\" data-id=\"3cffc97\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"akihiro-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Salviamo il file e riavviamo il sistema.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Dopo aver importato la configurazione della CA e del certificato di OpenVPN (come indicato in questa guida) su TrueNAS, se ci si imbatte nell&#8217;errore Client certificate must have SubjectKeyIdentifier extension set, seguiamo questi passaggi per risolvere il problema. Soluzione Come prima cosa colleghiamoci in SSH alla nostra istanza TrueNAS. Eseguiamo una copia di backup di [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[20],"class_list":["post-1680","post","type-post","status-publish","format-standard","hentry","category-sistemistica","tag-linux"],"_links":{"self":[{"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/posts\/1680","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/comments?post=1680"}],"version-history":[{"count":4,"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/posts\/1680\/revisions"}],"predecessor-version":[{"id":1684,"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/posts\/1680\/revisions\/1684"}],"wp:attachment":[{"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/media?parent=1680"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/categories?post=1680"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/alessandromasciadri.com\/ama-json\/wp\/v2\/tags?post=1680"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}