Netgate Discussion Forum

    Issue with certificates (line 712) - can't manage any certificate

      Morgan 0

      Hi,

      After modifying a certificate, I got a fatal error with the following message:

      Crash report details:
      
      PHP Errors:
      [26-Jul-2022 10:51:03 Europe/Paris] PHP Fatal error:  Uncaught Exception: DateTime::__construct(): Failed to parse time string (@) at position 0 (@): Unexpected character in /etc/inc/certs.inc:712
      Stack trace:
      #0 /etc/inc/certs.inc(712): DateTime->__construct('@', Object(DateTimeZone))
      #1 /etc/inc/certs.inc(730): cert_format_date(NULL, NULL, false)
      #2 /etc/inc/certs.inc(1975): cert_get_dates('-----BEGIN CERT...', true, false)
      #3 /etc/inc/certs.inc(2188): cert_get_lifetime(Array)
      #4 /usr/local/www/system_certmanager.php(1406): cert_print_infoblock(Array)
      #5 {main}
        thrown in /etc/inc/certs.inc on line 712
      
      

      Now I can't create or modify any certificate anymore. I saw a similar topic talking about the same error after the 2.5.0 upgrade. My pfSense is already on 2.5.0.

      On Redmine this problem is related to Bug #11489 and changeset 29804b9e6ff07d0224d9396b063f88f486f0d231 seems to fix this bug.

      I would like to know how to apply this patch. Do I just need to copy the changeset into the right file (/etc/inc/certs.inc)? Is there a right way to apply a patch? Do I need to restart a service after that?

      Thanks a lot.

        Gertjan @Morgan 0

        What cert were you modifying ?
        What did you do -can you reproduce the steps needed to create such an error ( oh, wait, it's 2.5.0 - that was most probably already corrected, you just forgot to update ^^)
        What can you modify here ? :

        [image]

        If you know the name or any details of the cert, backup your config, open it using an editor (Notepad++ will do, please: not Word from Office ;) ) and look for the cert.

        Look for
        <cert>

        You will find several 'blocks' like this :

        	<cert>
        		<refid>6242f7c3e2abe</refid>
        		<descr><![CDATA[webConfigurator default (6242f7c3e2abe)]]></descr>
        		<type>server</type>
        		<crt>[base64-encoded certificate omitted]</crt>
        		<prv>[base64-encoded private key omitted]</prv>
        	</cert>
        

        Keep a copy of this file, and create a new conf.xml where you deleted the entire <cert> .... </cert> block.

        Import this file back into pfSense.
        Nearly done.

        Be careful : if this cert was used somewhere, then, yeah, issues will exist.

        If it was the webConfigurator cert, go to the console, you can create a new one over there.
        Then assign it in System > Advanced > Admin Access and you'll be fine.

        Or create a new cert in the cert manager, and then assign it there where it was used.

        @morgan-0 said in Issue with certificates (line 712) - can't manage any certificate:

        My PFSense is already on 2.5.0.

        That's (very) old. 2.6.0 has been out for quite a while now.
        Be careful : updating a package that also includes a newer, for example php-tls or ssl library will explode introduce issues like you have shown.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??
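A read-only pre-flight check for the manual clean-up described in the post above, added here as an example and not part of the original post or of pfSense. It lists every <cert> entry in a config backup, flags those whose <crt> value does not decode to base64-wrapped PEM with DER framing, and shows which other elements reference the entry's refid. It assumes <cert> blocks sit directly under the root element; the sample config is constructed, and the check is structural only, not full X.509 parsing.

```python
import base64
import ssl
import xml.etree.ElementTree as ET

def crt_problem(b64_text):
    """Return None if <crt> holds base64 -> PEM -> DER-framed data, else a reason."""
    try:
        pem = base64.b64decode("".join((b64_text or "").split()), validate=True).decode("ascii")
        der = ssl.PEM_cert_to_DER_cert(pem.strip())
    except ValueError:  # also covers binascii.Error and UnicodeDecodeError
        return "not base64-wrapped PEM"
    if len(der) < 2 or der[0] != 0x30 or der[1] == 0x80:
        return "PEM body is not a definite-length DER SEQUENCE"
    n = der[1]
    if n < 0x80:                      # short-form length
        hdr, body = 2, n
    else:                             # long-form length: low 7 bits = number of length bytes
        k = n & 0x7F
        hdr, body = 2 + k, int.from_bytes(der[2:2 + k], "big")
    return None if len(der) == hdr + body else "DER length does not match data"

def audit(config_xml):
    """Return [(refid, descr, problem, referencing_tags)] for every <cert> entry."""
    root = ET.fromstring(config_xml)
    certs = root.findall("cert")      # assumption: <cert> blocks are direct children of the root
    inside = {el for c in certs for el in c.iter()}
    rows = []
    for c in certs:
        refid = (c.findtext("refid") or "").strip()
        used_by = sorted({el.tag for el in root.iter()
                          if el not in inside and refid and (el.text or "").strip() == refid})
        rows.append((refid, (c.findtext("descr") or "").strip(),
                     crt_problem(c.findtext("crt")), used_by))
    return rows

def wrap_crt(der):
    """base64(PEM(der)): the layering of the <crt> field in the block shown above."""
    return base64.b64encode(ssl.DER_cert_to_PEM_cert(der).encode()).decode()

# Constructed sample: the DER bytes are a stand-in with valid framing, not a real certificate.
SAMPLE = f"""<pfsense>
  <cert><refid>aaaa1111</refid><descr><![CDATA[vpn server]]></descr><crt>{wrap_crt(bytes([0x30, 3, 2, 1, 1]))}</crt></cert>
  <cert><refid>bbbb2222</refid><descr><![CDATA[test cert]]></descr><crt></crt></cert>
  <openvpn><openvpn-server><certref>aaaa1111</certref></openvpn-server></openvpn>
</pfsense>"""

if __name__ == "__main__":
    for refid, descr, problem, used_by in audit(SAMPLE):
        print(refid, descr, problem or "ok", "referenced by:", used_by or "nothing")
```

An entry with a reported problem and an empty reference list is a candidate for the manual deletion; a non-empty reference list means something else in the config still points at that refid.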

          Morgan 0 @Gertjan

          @gertjan, it was a new cert created just a few minutes ago, assigned to nothing. I modified the key (it was just for a test) and saved. After that the error occurred and I cannot do anything, see below:

          [image]

          At the beginning my problem was an expired certificate: users cannot connect to OpenVPN anymore (expiration yesterday), so I tried many things like the renew button but it didn't work; I had an error "error renewing certificate". So I tried to create a new one and got my error after modifying the key ^^'

          To solve my problem of fatal error, according to you I need to upgrade to 2.6.0 ?

            Gertjan @Morgan 0

            @morgan-0 said in Issue with certificates (line 712) - can't manage any certificate:

            To solve my problem of fatal error, according to you I need to upgrade to 2.6.0 ?

            Your problem is one thing.
            Staying with an older version is another thing.
            And yes, the two can be related.

            Throw the cert away. You already figured out you can't use the GUI for this.
            So, back to old school : do it manually, see my post above.

            Btw : the cert you tried to renew was a 10 year lasting cert ? And it expired ?
            I would have a chat with the openvpn admin ... He had years of preparation, and still failed this one. ;)

            I just used this button :

            [image]

            to renew an openvpn cert.

            No issue whatsoever.
            I was using 2.6.0, didn't see any issues - Now I'm using 22.05, no issues either.
            So, yeah, older version maybe old bugs ^^

              Morgan 0 @Gertjan

              @gertjan I'll see to upgrade in two steps :
              1 - Retrieve backup configuration before creating this certificate (this morning at 10am)
              2 - Upgrade to 2.6.0

              About the cert I tried to renew it was just a 1 year cert ^^

              I'll keep you up to date after upgrade to 2.6.0 :) thanks for help

                stephenw10 Netgate Administrator

                You should also be able to apply the patch to 2.5.0 and then delete the bad cert.

                You should upgrade anyway though and that patch is already in 2.6.

                Steve
