Import TLS certificates into TrueNAS

This section explains how to import the TrueNAS TLS certificate, TrueNAS private key, and CA certificates into TrueNAS through the web interface. Before importing, you must export the client private key from the PKCS #12 file by using OpenSSL. Perform the following tasks:

Extract the client private key from the PKCS #12 file.
Import the CA certificate.
Import the TrueNAS certificate.

Extract the private key

Perform the following steps to extract the client private key from the PKCS #12 file:

Open a terminal application that has OpenSSL installed.

Go to the directory with the PKCS #12 file.

Run the following OpenSSL command to extract the clear client private key from the PKCS #12 file and save it to a new PEM file:

Text

$ openssl pkcs12 -in pki.p12 -out client-key.pem -nodes -nocerts

The command prompts for the import password. Enter the password contained in the pki-password.txt file.

Import the CA certificate

Perform the following steps to import the CA certificate:

Go to System > CAs and select [ Add ].

In the Type drop-down menu, select Import CA.

Enter a name for the CA, then paste the CA certificates from the ca-chain.pem file into the Certificate field.

Leave the Private Key and Passphrase fields empty and select [ Submit ].

Import the certificate

Perform the following steps to import the TrueNAS certificate:

Go to System > Certificates and select [ Add ].

In the Type drop-down menu, select Import Certificate.

Enter a name for the certificate, and paste the TrueNAS certificate (client-cert.pem) and private key (client-key.pem) into the appropriate fields.

Leave the Passphrase field empty and select [ Submit ].

⌘I

​Extract the private key

​Import the CA certificate

​Import the certificate

Extract the private key

Import the CA certificate

Import the certificate