Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    No way to download pfsense

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    37 Posts 8 Posters 6.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      doktornotor Banned
      last edited by

      Are you as well trying via HTTPS? Then stop.

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        The certs being used show as valid via every single check I can think to do on them.. They are clearly wild card certs.. this kind of makes that obvious *.pfsense.org

        As to using https to mirrors.. That would be up to the mirrors themselves if they support https or not and certs used again would be on them.

        As to attaching jpg files there is no issues that I see with doing that, how about not putting in spaces of files names your trying to attach to some system to use.

        I have accessed it with ie, firefox, chrome without any issues.

        certchecks.png
        certchecks.png_thumb

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • D
          doktornotor Banned
          last edited by

          Yeah, there's no problem with certs where they are used. When people switch HTTP links to HTTPS on download mirrors or whatever, the certs are no longer valid, because those are another subdomain, would require another set of wildcard certs (waste of money) or redoing the DNS.

          1 Reply Last reply Reply Quote 0
          • JailerJ
            Jailer
            last edited by

            @doktornotor:

            Yeah, there's no problem with certs where they are used. When people switch HTTP links to HTTPS on download mirrors or whatever, the certs are no longer valid, because those are another subdomain, would require another set of wildcard certs (waste of money) or redoing the DNS.

            Exactly. User error, not pfsense error.

            1 Reply Last reply Reply Quote 0
            • 2
              2chemlud Banned
              last edited by

              May I repeat that it hasn't been a problem in the past to download via https. Why is it explicitly forbidden now to use https for downloading?

              1 Reply Last reply Reply Quote 0
              • GertjanG
                Gertjan
                last edited by

                Not forbidden, but consider this:
                if your browser can't 'resolve' the certificate it receives from the web server, then …. things start to error.

                Looking at this error:
                files.nyi.pfsense.org uses an invalid security certificate. *The certificate is only valid for the following names: .pfsense.org, pfsense.org

                files.nyi.pfsense.org is a sub domain of *.pfsense.org - but, somehow, your browser says : it isn't. That's scarry.
                In that case: better forget about https with that browser, use your 'plan B' browser.

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                1 Reply Last reply Reply Quote 0
                • 2
                  2chemlud Banned
                  last edited by

                  It's the latest firefox, both Windows and Linux. There is no plan B.

                  1 Reply Last reply Reply Quote 0
                  • GertjanG
                    Gertjan
                    last edited by

                    @2chemlud:

                    It's the latest firefox, both Windows and Linux. There is no plan B.

                    That's not a reliable situation.
                    IF Firefox manages to send over a new version with a huge bug (let's say: certificate checking ;)), you will not be able to 'surf' anymore, neither repair (== upgrade) your Firefox.
                    On most Windows system, somewhere, IE is still present for the 'in case of' situations.

                    No "help me" PM's please. Use the forum, the community will thank you.
                    Edit : and where are the logs ??

                    1 Reply Last reply Reply Quote 0
                    • 2
                      2chemlud Banned
                      last edited by

                      I do not upgrade all systems at the same time. So there is always a way back. No, IE is eliminated on my Win systems.

                      There is no problem with firefox, huh? Might just be somewhat strict with the certificates.

                      But as usual in this forum, everything is fine with pfsense, always the user is just a bloddy id*ot… Got it!

                      btw: Why exactly is https not allowed for downloads?

                      1 Reply Last reply Reply Quote 0
                      • D
                        doktornotor Banned
                        last edited by

                        @2chemlud:

                        btw: Why exactly is https not allowed for downloads?

                        If you actually read this thread, already been answered. Instead of relying on broken-by-design addons (if the author wasn't an idiot, he'd try some prefetch and only force HTTPS if no certificate errors were encountered). *.pfsense.org certs will NOT work for *.subdomain.pfsense.org; it hasn't worked in any browser for years, it hasn't worked in Firefox since 2012. This behavior conforms to relevant standards, no bug there. https://bugzilla.mozilla.org/show_bug.cgi?id=495339

                        1 Reply Last reply Reply Quote 0
                        • 2
                          2chemlud Banned
                          last edited by

                          Again, I use eff.org https-everywhere for YEARS. Also I use only Firefox for YEARS. Never had any issues with downloading pfsense.

                          AGAIN: Question: WHAT has changed, why is it not possible to download pfsense with this setup?

                          Please, stick to that question and don't try to tell me it's Firefox or me who is the problem…

                          1 Reply Last reply Reply Quote 0
                          • GertjanG
                            Gertjan
                            last edited by

                            @2chemlud:

                            But as usual in this forum, everything is fine with pfsense, always the user is just a bloddy id*ot… Got it!

                            Noop.
                            Proof it to yourself : visit any https site like: www.paypal.com
                            You saw the green bar ? Your browser is working, certificats are ok, pfSense is working.
                            Btw: 'certificats' are just files, being put in TCP streams. pfSense as a NAT/Firewall does know nothing about 'certificats'.

                            This is a "browser can't match certificate" issue. Maybe it cached a certificate, can't contact the certificate issuer (temporalily DNS issue).

                            Anyway, pfSense image files are stored on "public download servers", they probably even don't use pfSense :)

                            Another proof/test : try downloading, bypassing the pfSense on your LAN (using the same ISP).
                            It works ? doesn't work ?

                            edit: when browsing to https://files.nyi.pfsense.org:443 I receive the same error with my FF browser - Doktornotor's https://bugzilla.mozilla.org/show_bug.cgi?id=495339 becomes very clear !

                            No "help me" PM's please. Use the forum, the community will thank you.
                            Edit : and where are the logs ??

                            1 Reply Last reply Reply Quote 0
                            • 2
                              2chemlud Banned
                              last edited by

                              May I cite from the the 2009 bug (after dusting of a little):

                              "This bug is invalid. 
                              It complains that a cert with the wildcard pattern  *.glodns.net
                              does not match the DNS name swiftspirit.co.za.plesk01.glodns.net
                              but that failure to match is REQUIRED by the relevant Internet standards.
                              It was the old behavior, where it DID match, that was a bug.  "

                              So, what has changed since May 2015, as I did my last download without any problems on different systems (Win, Linux) with Firefox and https-everywhere plugin?

                              PLEASE, no FUD, stick to that question! Why is it not possible to download pfsense via a https connection?

                              1 Reply Last reply Reply Quote 0
                              • D
                                doktornotor Banned
                                last edited by

                                @2chemlud:

                                Why is it not possible to download pfsense via a https connection?

                                Are you actually reading, dude? Already told you twice. Are you going to pay for those 6 other wildcard certs yourself? There's no problem with downloading anything from mirrors. The only problem here is your idiotic browser addon making totally invalida assumptions that if there's something listening on port 443, it sure is intended and configured to serve the same content.

                                1 Reply Last reply Reply Quote 0
                                • 2
                                  2chemlud Banned
                                  last edited by

                                  Do you actually read, Sir? I told you that there was no problem with this setup until May 2015, so what has changed since May 2015?

                                  Simple question.

                                  1 Reply Last reply Reply Quote 0
                                  • D
                                    doktornotor Banned
                                    last edited by

                                    There was no problem before May 2015, there is no problem now, pretty sure there will be no problem in future either. That is, for people, who actually use the provided download links as opposed to improving those links with idiotic addons.

                                    IOW - fix your browser or configure it to trust those "invalid" certificates if you insist on downloading via HTTPS. (At least one of those mirrors actully does NOT have HTTPS enabled anyway.) There's no problem here, except PEBKAC.

                                    1 Reply Last reply Reply Quote 0
                                    • 2
                                      2chemlud Banned
                                      last edited by

                                      Adapt your medication, less or more. The current dose is inadequate. - not cool

                                      1 Reply Last reply Reply Quote 0
                                      • D
                                        doktornotor Banned
                                        last edited by

                                        Thanks for your advise. Go buy more tinfoil.

                                        I just don't get the people writing similar addons. We have multiple places where there's a normal website running on port 80. On port 443, there's a reservation system running for resellers. Same IP, same FQDN. We have other places which have a webmail on port 443. Again, same IP, same hostname. Both these examples run a completely different webserver on HTTPS port, and serve completely different content there. Beyond the above - there are zillions of websites on shared webhosting which - while serving the same content - have completely invalid certificates which belong to the webhosting company and is issued for their FQDN. Simply because HTTPS is a service that's charged as an extra, requiring further configuration, extra certificates and - at least until recently - also a separate IP address, due to lacking SNI implementation.

                                        How on earth can anyone write addons that expect that simply rewriting http:// to https:// in browser is going to produce a working and meaningful result?

                                        1 Reply Last reply Reply Quote 0
                                        • 2
                                          2chemlud Banned
                                          last edited by

                                          Again, it worked fine until May 2015 with exactly the same browser/plugin combination.

                                          Total off topic, but: Did you ever consider that you might harm a honourable software project by the wording of your posts here? I mean, your expertise on networking is not under debate, however, your inter-personal skills … eeeh... might need some training? If I were looking for a decent firewall and read the forum here... Wasn't that bad when I came here first 2 years ago or so...

                                          Just my personal opinion.

                                          1 Reply Last reply Reply Quote 0
                                          • ?
                                            Guest
                                            last edited by

                                            @2chemlud:

                                            Adapt your medication, less or more. The current dose is inadequate.

                                            The netiquette was leaving this thread likes me now too, what the hell is going on to bug us
                                            a whole days because you will not check that your browser is the guilty and not we users here in the forum.  >:(

                                            PLEASE, no FUD, stick to that question! Why is it not possible to download pfsense via a https connection?

                                            Ask the pfSense team and please don´t troll us for that, I was answering that I am also having problems downloading an ISO file via Opera and FF, but not with IE 11 & IE12, so what is now your real problem?

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.