• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

The package server's SSL certificate could not be verified.

Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
11 Posts 5 Posters 4.3k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • D
    Darkk
    last edited by Dec 27, 2015, 11:05 PM

    After I did the upgrade to 2.2.6 only one package got reinstalled.  So went to install manually I got this warning message:

    System: Package Manager help

    exclamation The package server's SSL certificate could not be verified. The SSL certificate itself may be invalid, its chain of trust may have failed validation, or the server may have been impersonated. Downloaded packages may come from an untrusted source. Proceed with caution.

    Should I be concerned about this?

    I will hold off installing any packages.

    1 Reply Last reply Reply Quote 0
    • N
      NOYB
      last edited by Dec 28, 2015, 2:50 AM

      I wonder if this could be related to the issue I'm seeing with 2 url table aliases no longer able to download via ssl after upgrade from 2.2.5 to 2.2.6.  Even after a fresh full install.

      https://forum.pfsense.org/index.php?topic=104392.0

      USB memstick, i386, VGA

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by Dec 29, 2015, 6:09 PM

        That's definitely indicative of a problem of some sort. If you go to a command prompt and run the following, what do you get?

        fetch https://packages.pfsense.org
        

        @NOYB:

        I wonder if this could be related to the issue I'm seeing with 2 url table aliases no longer able to download via ssl after upgrade from 2.2.5 to 2.2.6. 
        https://forum.pfsense.org/index.php?topic=104392.0

        If you'd do what I asked in that thread and post back results there, maybe we could determine that.

        1 Reply Last reply Reply Quote 0
        • C
          ctirado
          last edited by Dec 29, 2015, 10:34 PM

          I get

          
          $ fetch https://packages.pfsense.org
          packages.pfsense.org                                     0  B    0  Bps
          
          

          when I run that command on:

          2.2.6-RELEASE (amd64)
          built on Mon Dec 21 14:50:08 CST 2015
          FreeBSD 10.1-RELEASE-p25

          Carlos

          1 Reply Last reply Reply Quote 0
          • C
            cmb
            last edited by Dec 29, 2015, 11:42 PM

            @ctirado:

            I get

            
            $ fetch https://packages.pfsense.org
            packages.pfsense.org                                     0  B    0  Bps
            
            

            That's the correct expected output. I presume in your case your interest is re: the IPsec post you made, which is completely unrelated to what this thread is about. IPsec certificates are a completely different, separate component and their verification has no relation to fetch.

            1 Reply Last reply Reply Quote 0
            • C
              ctirado
              last edited by Dec 30, 2015, 3:57 PM

              No, I just thought it might be helpful. I was already remoted into my pfSense box and it only took a minute or two to put together the post.

              Carlos

              1 Reply Last reply Reply Quote 0
              • D
                Darkk
                last edited by Dec 31, 2015, 6:57 AM

                I am getting this when trying to fetch it in the command prompt:

                $ fetch https://packages.pfsense.org
                No server SSL certificate
                fetch: https://packages.pfsense.org: Authentication error

                1 Reply Last reply Reply Quote 0
                • C
                  cmb
                  last edited by Dec 31, 2015, 8:11 PM

                  @Darkk:

                  I am getting this when trying to fetch it in the command prompt:

                  $ fetch https://packages.pfsense.org
                  No server SSL certificate
                  fetch: https://packages.pfsense.org: Authentication error

                  That's why. What files do you have in /usr/local/etc/ssl/?

                  1 Reply Last reply Reply Quote 0
                  • D
                    Darkk
                    last edited by Jan 1, 2016, 3:14 AM

                    Just one file:

                    [2.2.6-RELEASE]/usr/local/etc/ssl: ls -l
                    total 960
                    -rw-r–r--  1 root  wheel  944280 Dec 21 13:20 cert.pem

                    Looking inside the pem file it's just a standard CA signed root certs.  Alot of them set to expire around 2020 to 2030

                    1 Reply Last reply Reply Quote 0
                    • C
                      cmb
                      last edited by Jan 8, 2016, 5:12 AM

                      That looks correct. Exactly the same file size as it should be.

                      -rw-r--r--  1 root  wheel  944280 Dec 21 15:20 cert.pem
                      
                      

                      Guessing it likely matches this SHA.

                      : sha256 /usr/local/etc/ssl/cert.pem
                      SHA256 (/usr/local/etc/ssl/cert.pem) = 2629766a1e695df07dfcdc86eae7afa562a43f8d6d2a74a8e9eddccf5ece5dd6
                      

                      Which does work.

                      : fetch -v https://packages.pfsense.org
                      looking up packages.pfsense.org
                      connecting to packages.pfsense.org:443
                      SSL options: 81004bff
                      Peer verification enabled
                      Using CA cert file: /usr/local/etc/ssl/cert.pem
                      Verify hostname
                      SSL connection established using ECDHE-RSA-AES256-GCM-SHA384
                      Certificate subject: /OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.pfsense.org
                      Certificate issuer: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
                      requesting https://packages.pfsense.org/
                      remote size / mtime: 23 / 1394690197
                      packages.pfsense.org                          100% of   23  B  202 kBps 00m00s
                      
                      
                      1 Reply Last reply Reply Quote 0
                      • L
                        litmk
                        last edited by Feb 3, 2016, 2:02 PM

                        I had this same problem. My certificates were also there and the sha256 matched. I finally rebooted and the problem was fixed.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                          This community forum collects and processes your personal information.
                          consent.not_received