Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pkg: Certificate verification failed for /CN=*.netgate.com

    Problems Installing or Upgrading pfSense Software
    4
    10
    692
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      decibel83
      last edited by

      Hello,
      I don't have any package available in the package manager:

      Screenshot 2024-04-19 at 23.06.01.png

      So I connected to the console and tried to bootstrap pkg:

      [2.6.0-RELEASE][admin@fw]/: pkg bootstrap -f
      The package management tool is not yet installed on your system.
      Do you want to fetch and install it now? [y/N]: y
      Bootstrapping pkg from pkg+https://pkg.pfsense.org/pfSense_v2_6_0_amd64-pfSense_v2_6_0, please wait...
      Certificate verification failed for /CN=*.netgate.com
      34372542464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-img-build/BUILD_NODE/amd64-ce/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/sources/FreeBSD-src-RELENG_2_6_0/crypto/openssl/ssl/statem/statem_clnt.c:1916:
      Certificate verification failed for /CN=*.netgate.com
      34372542464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-img-build/BUILD_NODE/amd64-ce/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/sources/FreeBSD-src-RELENG_2_6_0/crypto/openssl/ssl/statem/statem_clnt.c:1916:
      Certificate verification failed for /CN=*.netgate.com
      34372542464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-img-build/BUILD_NODE/amd64-ce/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/sources/FreeBSD-src-RELENG_2_6_0/crypto/openssl/ssl/statem/statem_clnt.c:1916:
      Certificate verification failed for /CN=*.netgate.com
      34372542464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-img-build/BUILD_NODE/amd64-ce/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/sources/FreeBSD-src-RELENG_2_6_0/crypto/openssl/ssl/statem/statem_clnt.c:1916:
      Certificate verification failed for /CN=*.netgate.com
      34372542464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-img-build/BUILD_NODE/amd64-ce/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/sources/FreeBSD-src-RELENG_2_6_0/crypto/openssl/ssl/statem/statem_clnt.c:1916:
      Certificate verification failed for /CN=*.netgate.com
      34372542464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-img-build/BUILD_NODE/amd64-ce/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/sources/FreeBSD-src-RELENG_2_6_0/crypto/openssl/ssl/statem/statem_clnt.c:1916:
      pkg: Error fetching https://pkg.pfsense.org/pfSense_v2_6_0_amd64-pfSense_v2_6_0/Latest/pkg.txz: Authentication error
      A pre-built version of pkg could not be found for your system.
      Consider changing PACKAGESITE or installing it from ports: 'ports-mgmt/pkg'.
      

      I tried to rehash the SSL certificates without success:

      [2.6.0-RELEASE][admin@fw1.dc.ems.network]/: certctl rehash
      Scanning /usr/share/certs/blacklisted for certificates...
      Scanning /usr/share/certs/trusted for certificates...
      Scanning /usr/local/share/certs for certificates...
      

      I've already read the Troubleshooting Upgrades document.

      Could you help me please?
      Thank you very much!

      1 Reply Last reply Reply Quote 1
      • N
        nmo
        last edited by

        [2.7.2-RELEASE][admin@pfSense.lan]/root: openssl s_client -connect pkg01-atx.netgate.com:443 -verify_quiet
        CONNECTED(00000003)
        depth=0 CN = *.netgate.com
        verify error:num=20:unable to get local issuer certificate
        depth=0 CN = *.netgate.com
        verify error:num=21:unable to verify the first certificate
        Certificate chain
        

        source: https://www.reddit.com/r/PFSENSE/comments/1c84y8b/pkg_an_error_occured_while_fetching_package/

        There are issues in netgate's cert chain

        D 1 Reply Last reply Reply Quote 0
        • D
          decibel83 @nmo
          last edited by

          @nmo thank you.

          So I just have to wait Netgate to fix the issue?

          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator @decibel83
            last edited by

            @decibel83 not seeing this on my 23.09.1, but yeah just fired up my 2.7.2 CE vm and is not able to grab packages.

            Normally such issues are corrected fairly quickly..

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11

            1 Reply Last reply Reply Quote 0
            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              Hmm, checking...

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                Try again now.

                johnpozJ 2 Replies Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator @stephenw10
                  last edited by

                  @stephenw10 nope I still show it not working on my 2.7.2 box

                  nope.jpg

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                  1 Reply Last reply Reply Quote 0
                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator @stephenw10
                    last edited by

                    @stephenw10 ok its working now

                    workingnow.jpg

                    I did a bootstrap and still wasn't working

                    bootstrap.jpg

                    But I then rebooted it and worked, so maybe I was just too fast and would of worked without the reboot, or maybe the reboot did something? Normally I would never reboot, but it running on just a vm, so takes a few seconds to reboot and nothing routing through it, etc.. that I would be worried about loosing connections on.

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S
                      stephenw10 Netgate Administrator
                      last edited by

                      Mmm, should not have required boot-strapping as far as I know.

                      johnpozJ 1 Reply Last reply Reply Quote 0
                      • johnpozJ
                        johnpoz LAYER 8 Global Moderator @stephenw10
                        last edited by

                        @stephenw10 when it didn't work right away figured couldn't hurt, and still didn't work. Maybe if would of just waited a few minutes it would of been fine without doing anything

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                        1 Reply Last reply Reply Quote 1
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.