Netgate Discussion Forum

    added my renew ssl certificate to one of my PFSense and the web interface stopped working.

    General pfSense Questions
    • PhilJans

      Hi,
      I added my renewed SSL certificate to one of my PFSense and the web interface stopped working.
      In SSH I tried a rc.restart.webgui and got

      "Restarting webConfigurator...Error: cannot open certification file in system_webgui_)start(). Done
      What can I do?

      • Gertjan @PhilJans

        @PhilJans said in added my renew ssl certificate to one of my PFSense and the web interface stopped working.:

        In SSH I tried a rc.restart.webgui and got

        Why ?
        Option 11 is the same thing.

        @PhilJans said in added my renew ssl certificate to one of my PFSense and the web interface stopped working.:

        What can I do?

        Use option 15 and choose a config from 'just before'.

        Then focus on that "adding renewed cert" : adding a cert that does not have the right format should not break the GUI, because the GUI is not using that cert.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • PhilJans

          option 15 worked !! tx!

          Now I do not know why installing my certificate broke the GUI : but it DID.

          That's a question that needs to be asked to Netgate.

          Now I will try again to install it or a different one and at least, if it breaks the gui, I'll know what to do.

          Thanks

          • Gertjan

            You are aware of the fact that pfSense can handle certificates just fine ? I'm talking about the trusted ones. You have a domain name, so take a look at the acme package.

            That said, there is a lot of type checking done before a cert is accepted. I'm somewhat curious what you are trying to feed into pfSense ...
            I advise you to import a cert, and when it's ok, only then have the GUI actually using it - switching over to it.

            • PhilJans

              It's definitely a bug from PfSense and I know where.

              I tried again adding the "certificate data" I had and the "private key data" and switching the webConfigurator to it and every time the web console stops working.

              What I did after is I exported from my other pfsense the certificate and the private key (so weird it lets you export a private key...) and I used both of them in my problematic pfsense and the web interface didn't crash.

              So I haven't compared the 2 pieces of information but my conclusion is that pfsense accepts an import of a "Certificate Data" and a "Private Key Data" that do not go together but then it crashes the whole console after reloading it.

              1 Reply Last reply Reply Quote 0
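
The post above concludes that a "Certificate Data" and a "Private Key Data" that do not go together were accepted and then broke the GUI on reload. An added example (not part of the thread and not pfSense code) of checking a pair with openssl before importing it; the function names, file names and the sample CN are assumptions.

```sh
#!/bin/sh
# Pre-flight check for a PEM certificate / private key pair.
# Returns 0 = pair matches, 1 = a file does not parse, 2 = key/cert mismatch.
check_cert_key_pair() {
    cert_file=$1
    key_file=$2

    # The certificate must parse as PEM X.509.
    if ! openssl x509 -in "$cert_file" -noout 2>/dev/null; then
        echo "FAIL: $cert_file is not a readable PEM certificate" >&2
        return 1
    fi
    # The key must parse too; -passin pass: avoids a passphrase prompt.
    if ! openssl pkey -in "$key_file" -passin pass: -noout 2>/dev/null; then
        echo "FAIL: $key_file is not a readable unencrypted PEM key" >&2
        return 1
    fi

    # Compare the certificate's public key with the one derived from the key.
    cert_pub=$(openssl x509 -in "$cert_file" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key_file" -passin pass: -pubout 2>/dev/null)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key does not belong to this certificate" >&2
        return 2
    fi
    echo "OK: certificate and private key match"
}

# Constructed sample input: throwaway self-signed pair in $1.crt / $1.key.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=fw.example.test" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Demo: a.key belongs to a.crt, b.key does not.
tmp=$(mktemp -d)
make_sample_pair "$tmp/a"
make_sample_pair "$tmp/b"
check_cert_key_pair "$tmp/a.crt" "$tmp/a.key"
check_cert_key_pair "$tmp/a.crt" "$tmp/b.key" || echo "rejected, rc=$?"
rm -rf "$tmp"
```

Only a return code of 0 means the two files belong together; the comparison works for RSA and EC keys alike because both commands emit the same public-key PEM form.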
              • Gertjan
                Your cert info looks like this :
                -----BEGIN CERTIFICATE-----
                -----END CERTIFICATE-----

                ?

                The "Certificate Private Key (optional)" is optional.
                Needed if you want to revoke the cert, something that has no real meaning for a "firewall GUI".
                Try with this part.

                Also : there is / was some cert issue, resolved in the 2.5.0 dev version. Check redmine.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.