pkg: Certificate verification failed for /CN=*.netgate.com
-
Hello,
I don't have any package available in the package manager:
So I connected to the console and tried to bootstrap pkg:
[2.6.0-RELEASE][admin@fw]/: pkg bootstrap -f The package management tool is not yet installed on your system. Do you want to fetch and install it now? [y/N]: y Bootstrapping pkg from pkg+https://pkg.pfsense.org/pfSense_v2_6_0_amd64-pfSense_v2_6_0, please wait... Certificate verification failed for /CN=*.netgate.com 34372542464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-img-build/BUILD_NODE/amd64-ce/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/sources/FreeBSD-src-RELENG_2_6_0/crypto/openssl/ssl/statem/statem_clnt.c:1916: Certificate verification failed for /CN=*.netgate.com 34372542464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-img-build/BUILD_NODE/amd64-ce/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/sources/FreeBSD-src-RELENG_2_6_0/crypto/openssl/ssl/statem/statem_clnt.c:1916: Certificate verification failed for /CN=*.netgate.com 34372542464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-img-build/BUILD_NODE/amd64-ce/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/sources/FreeBSD-src-RELENG_2_6_0/crypto/openssl/ssl/statem/statem_clnt.c:1916: Certificate verification failed for /CN=*.netgate.com 34372542464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-img-build/BUILD_NODE/amd64-ce/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/sources/FreeBSD-src-RELENG_2_6_0/crypto/openssl/ssl/statem/statem_clnt.c:1916: Certificate verification failed for /CN=*.netgate.com 34372542464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-img-build/BUILD_NODE/amd64-ce/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/sources/FreeBSD-src-RELENG_2_6_0/crypto/openssl/ssl/statem/statem_clnt.c:1916: Certificate verification failed for /CN=*.netgate.com 34372542464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-img-build/BUILD_NODE/amd64-ce/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/sources/FreeBSD-src-RELENG_2_6_0/crypto/openssl/ssl/statem/statem_clnt.c:1916: pkg: Error fetching https://pkg.pfsense.org/pfSense_v2_6_0_amd64-pfSense_v2_6_0/Latest/pkg.txz: Authentication error A pre-built version of pkg could not be found for your system. Consider changing PACKAGESITE or installing it from ports: 'ports-mgmt/pkg'.I tried to rehash the SSL certificates without success:
[2.6.0-RELEASE][admin@fw1.dc.ems.network]/: certctl rehash Scanning /usr/share/certs/blacklisted for certificates... Scanning /usr/share/certs/trusted for certificates... Scanning /usr/local/share/certs for certificates...I've already read the Troubleshooting Upgrades document.
Could you help me please?
Thank you very much! -
[2.7.2-RELEASE][admin@pfSense.lan]/root: openssl s_client -connect pkg01-atx.netgate.com:443 -verify_quiet CONNECTED(00000003) depth=0 CN = *.netgate.com verify error:num=20:unable to get local issuer certificate depth=0 CN = *.netgate.com verify error:num=21:unable to verify the first certificate Certificate chainsource: https://www.reddit.com/r/PFSENSE/comments/1c84y8b/pkg_an_error_occured_while_fetching_package/
There are issues in netgate's cert chain
-
@nmo thank you.
So I just have to wait Netgate to fix the issue?
-
@decibel83 not seeing this on my 23.09.1, but yeah just fired up my 2.7.2 CE vm and is not able to grab packages.
Normally such issues are corrected fairly quickly..
-
Hmm, checking...
-
Try again now.
-
@stephenw10 nope I still show it not working on my 2.7.2 box
-
@stephenw10 ok its working now
I did a bootstrap and still wasn't working
But I then rebooted it and worked, so maybe I was just too fast and would of worked without the reboot, or maybe the reboot did something? Normally I would never reboot, but it running on just a vm, so takes a few seconds to reboot and nothing routing through it, etc.. that I would be worried about loosing connections on.
-
Mmm, should not have required boot-strapping as far as I know.
-
@stephenw10 when it didn't work right away figured couldn't hurt, and still didn't work. Maybe if would of just waited a few minutes it would of been fine without doing anything
