certificate error during package reinstall

j.koopmann

Hi,

I am experiencing a bit of trouble with the arpwatch package (tons of cron message errors coming in) and decided to reinstall the package. 23.01. But I am getting a certificate error:

Executing custom_php_install_command()...Certificate verification failed for /OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign
45488840318976:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
fetch: http://standards-oui.ieee.org/oui/oui.csv: Authentication error
done.
Executing custom_php_resync_config_command()...Certificate verification failed for /OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign
3233526288384:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_01-main/sources/FreeBSD-src-plus-RELENG_23_01/crypto/openssl/ssl/statem/statem_clnt.c:1921:
fetch: http://standards-oui.ieee.org/oui/oui.csv: Authentication error
done.

Any ideas? I found similar errors but they are long resolved or for older netgate hardware....

Regards
JP

rcoleman-netgate

What type of system? Whitebox? Netgate?

j.koopmann

@rcoleman-netgate Sorry.... Whitebox. Thomas-Krenn server. Intel based.

rcoleman-netgate

@j-koopmann Drop your NDI in here. I'll delete it afterwards - I should be able to bounce the certificate for you quick-like.

j.koopmann

@rcoleman-netgate [redacted]

Much appreciated

rcoleman-netgate

There's nothing for me to reset, I'm afraid.

I would first reboot.
Then run through the troubleshooting here: https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html

And if that does not resolve it you can open a ticket at the URL in my signature.

j.koopmann

Reboot did not help. Just submitted the ticket. Thank you very much for your great and extremely fast support.

johnpoz

@j-koopmann I just ran into this same error with arpwatch on 23.09.1 - did you get this sorted?

j.koopmann

@johnpoz you already found

https://redmine.pfsense.org/issues/14058

as I can see. That was what I found out at the time. With 23.05.1-RELEASE I am not able to reproduce it currently.

stephenw10

@j-koopmann said in certificate error during package reinstall:

https://redmine.pfsense.org/issues/14058

Hmm, interesting. So if you already has arpwatch installed with the update database option set? Or are upgrading the package I guess.

Yeah I can replicate that....

johnpoz

@stephenw10 said in certificate error during package reinstall:

https://redmine.pfsense.org/issues/14058

maybe we can get some traction on that remine then? CM says he wasn't able t reproduce on 23.05.. Which might of been true, I play with arpwatch now and then.. And don't recall seeing that error before, but now on 23.09.1 its very easy to replicate.

stephenw10

It is. Probably related to the OpenSSL change that impacted pkg in 23.09.