I keep getting these E-mail's from pfSense

ikifar

The subject of the message is:
Arpwatch Notification : Cron <root@pfSense> /usr/bin/nice -n20 /etc/rc.update_bogons.sh
The content of the message is:
Certificate verification failed for /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root 34374270280:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:/build/ce-crossbuild-245/sources/FreeBSD-src/crypto/openssl/ssl/s3_clnt.c:1269: fetch:

Gertjan

@ikifar said in I keep getting these E-mail from pfSense:

/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root

Who is this ?

This : (see other thread how to make this visible ) :

*  subject: OU=Domain Control Validated; OU=PositiveSSL Wildcard; CN=*.pfsense.org
*  start date: Aug 10 00:00:00 2018 GMT
*  expire date: Aug 21 23:59:59 2020 GMT
*  subjectAltName: host "files.pfsense.org" matched cert's "*.pfsense.org"
*  issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA
*  SSL certificate verify ok.

Me : C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation
You : /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root

The 'bogons' live here :
files.pfsense.org/lists/fullbogons-ipv4.txt
files.pfsense.org/lists/fullbogons-ipv6.txt

or
files.pfsense.org :

files.pfsense.org has address 162.208.119.40
files.pfsense.org has address 162.208.119.41
files.pfsense.org has IPv6 address 2607:ee80:10::119:41
files.pfsense.org has IPv6 address 2607:ee80:10::119:40

Just 2 IPv4 and IPv6 addresses - The second IPv4 doesn't work (162.208.119.41 - Connection refused), the first one is used.

ikifar

*   Trying 162.208.119.41:443...
* TCP_NODELAY set
* connect to 162.208.119.41 port 443 failed: Connection refused
*   Trying 162.208.119.40:443...
* TCP_NODELAY set
* Connected to files.pfsense.org (162.208.119.40) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /usr/local/share/certs/ca-root-nss.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: OU=Domain Control Validated; OU=PositiveSSL Wildcard; CN=*.pfsense.org
*  start date: Aug 10 00:00:00 2018 GMT
*  expire date: Aug 21 23:59:59 2020 GMT
*  subjectAltName: host "files.pfsense.org" matched cert's "*.pfsense.org"
*  issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA
*  SSL certificate verify ok.
> GET /lists/fullbogons-ipv4.txt HTTP/1.1
> Host: files.pfsense.org
> User-Agent: curl/7.67.0

Gertjan

@ikifar said in I keep getting these E-mail's from pfSense:

• issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA

You're fine now.

ikifar

I haven't received any E-mails today so lets hope so