The package server's SSL certificate could not be verified.
-
I wonder if this could be related to the issue I'm seeing with 2 url table aliases no longer able to download via ssl after upgrade from 2.2.5 to 2.2.6. Even after a fresh full install.
https://forum.pfsense.org/index.php?topic=104392.0
USB memstick, i386, VGA
-
That's definitely indicative of a problem of some sort. If you go to a command prompt and run the following, what do you get?
fetch https://packages.pfsense.org
I wonder if this could be related to the issue I'm seeing with 2 url table aliases no longer able to download via ssl after upgrade from 2.2.5 to 2.2.6.
https://forum.pfsense.org/index.php?topic=104392.0If you'd do what I asked in that thread and post back results there, maybe we could determine that.
-
I get
$ fetch https://packages.pfsense.org packages.pfsense.org 0 B 0 Bps
when I run that command on:
2.2.6-RELEASE (amd64)
built on Mon Dec 21 14:50:08 CST 2015
FreeBSD 10.1-RELEASE-p25Carlos
-
I get
$ fetch https://packages.pfsense.org packages.pfsense.org 0 B 0 Bps
That's the correct expected output. I presume in your case your interest is re: the IPsec post you made, which is completely unrelated to what this thread is about. IPsec certificates are a completely different, separate component and their verification has no relation to fetch.
-
No, I just thought it might be helpful. I was already remoted into my pfSense box and it only took a minute or two to put together the post.
Carlos
-
I am getting this when trying to fetch it in the command prompt:
$ fetch https://packages.pfsense.org
No server SSL certificate
fetch: https://packages.pfsense.org: Authentication error -
I am getting this when trying to fetch it in the command prompt:
$ fetch https://packages.pfsense.org
No server SSL certificate
fetch: https://packages.pfsense.org: Authentication errorThat's why. What files do you have in /usr/local/etc/ssl/?
-
Just one file:
[2.2.6-RELEASE]/usr/local/etc/ssl: ls -l
total 960
-rw-r–r-- 1 root wheel 944280 Dec 21 13:20 cert.pemLooking inside the pem file it's just a standard CA signed root certs. Alot of them set to expire around 2020 to 2030
-
That looks correct. Exactly the same file size as it should be.
-rw-r--r-- 1 root wheel 944280 Dec 21 15:20 cert.pem
Guessing it likely matches this SHA.
: sha256 /usr/local/etc/ssl/cert.pem SHA256 (/usr/local/etc/ssl/cert.pem) = 2629766a1e695df07dfcdc86eae7afa562a43f8d6d2a74a8e9eddccf5ece5dd6
Which does work.
: fetch -v https://packages.pfsense.org looking up packages.pfsense.org connecting to packages.pfsense.org:443 SSL options: 81004bff Peer verification enabled Using CA cert file: /usr/local/etc/ssl/cert.pem Verify hostname SSL connection established using ECDHE-RSA-AES256-GCM-SHA384 Certificate subject: /OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.pfsense.org Certificate issuer: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA requesting https://packages.pfsense.org/ remote size / mtime: 23 / 1394690197 packages.pfsense.org 100% of 23 B 202 kBps 00m00s
-
I had this same problem. My certificates were also there and the sha256 matched. I finally rebooted and the problem was fixed.