starred/nginx-proxy-manager-NginxProxyManager

Fork 0

mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2026-04-25 17:35:52 +03:00

[PR #4746] [CLOSED] Parse certificate expiration date and domains for custom API uploaded certificates #3948

New issue

Closed

opened 2026-02-26 08:32:34 +03:00 by kerem · 0 comments

kerem commented

2026-02-26 08:32:34 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/NginxProxyManager/nginx-proxy-manager/pull/4746
Author: @Oratorian
Created: 8/30/2025
Status: ❌ Closed

Base: develop ← Head: develop

📝 Commits (2)

3215baf Parse certificate expiration date and domains for custom certificates
3b1f4ce Fixed! The linting error

📊 Changes

2 files changed (+67 additions, -2 deletions)

View changed files

📝 backend/internal/certificate.js (+61 -1)
📝 backend/schema/components/certificate-object.json (+6 -1)

📄 Description

fix: Parse certificate expiration date and domains for custom certificates

Extract actual expiration date from certificate before database insertion
Add SAN extraction to getCertificateInfo() function
Prevent expires_on defaulting to current timestamp for API uploads
Fix domain_names extraction from certificate CN and SAN fields

Extended GitHub Summary:

Problem

When uploading custom certificates via API, NPM was incorrectly setting the expiration date to the current timestamp instead of parsing it from
the certificate. This caused certificates to show as "already expired" even when they were valid for years. Additionally, domain names were not
being properly extracted from certificates.

Root Cause

The certificate model's $beforeInsert() method sets expires_on = now() when the field is undefined. Since API payloads for "other" provider
certificates don't include expires_on, all API-uploaded certificates received the current timestamp as their expiration date.

Solution

Modified certificate creation flow to parse certificate expiration date before database insertion
Enhanced getCertificateInfo() function to extract Subject Alternative Names using openssl x509 -text
Added proper domain extraction logic that includes both Common Name and SAN domains
Ensures expires_on field is set to actual certificate expiration date for custom certificates

Testing

Verified with custom CA certificates that:

Expiration dates now show correct future dates (e.g., 2027) instead of current date
Domain names properly extracted from both CN and SAN fields
Certificates display as valid in NPM webUI

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/NginxProxyManager/nginx-proxy-manager/pull/4746 **Author:** [@Oratorian](https://github.com/Oratorian) **Created:** 8/30/2025 **Status:** ❌ Closed **Base:** `develop` ← **Head:** `develop` --- ### 📝 Commits (2) - [`3215baf`](https://github.com/NginxProxyManager/nginx-proxy-manager/commit/3215baf26785a901f49b8651fbbc6cc58262c0d9) Parse certificate expiration date and domains for custom certificates - [`3b1f4ce`](https://github.com/NginxProxyManager/nginx-proxy-manager/commit/3b1f4ce993853b23a7c0f3328b67c7741c796b6e) Fixed! The linting error ### 📊 Changes **2 files changed** (+67 additions, -2 deletions) <details> <summary>View changed files</summary> 📝 `backend/internal/certificate.js` (+61 -1) 📝 `backend/schema/components/certificate-object.json` (+6 -1) </details> ### 📄 Description fix: Parse certificate expiration date and domains for custom certificates - Extract actual expiration date from certificate before database insertion - Add SAN extraction to getCertificateInfo() function - Prevent expires_on defaulting to current timestamp for API uploads - Fix domain_names extraction from certificate CN and SAN fields Extended GitHub Summary: ## Problem When uploading custom certificates via API, NPM was incorrectly setting the expiration date to the current timestamp instead of parsing it from the certificate. This caused certificates to show as "already expired" even when they were valid for years. Additionally, domain names were not being properly extracted from certificates. ## Root Cause The certificate model's `$beforeInsert()` method sets `expires_on = now()` when the field is undefined. Since API payloads for "other" provider certificates don't include `expires_on`, all API-uploaded certificates received the current timestamp as their expiration date. ## Solution - Modified certificate creation flow to parse certificate expiration date before database insertion - Enhanced `getCertificateInfo()` function to extract Subject Alternative Names using `openssl x509 -text` - Added proper domain extraction logic that includes both Common Name and SAN domains - Ensures `expires_on` field is set to actual certificate expiration date for custom certificates ## Testing Verified with custom CA certificates that: - Expiration dates now show correct future dates (e.g., 2027) instead of current date - Domain names properly extracted from both CN and SAN fields - Certificates display as valid in NPM webUI --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

kerem

2026-02-26 08:32:34 +03:00

closed this issue
added the
pull-request
label

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#3948

No description provided.

Rows
Columns