Netgate Discussion Forum

    2.5.0 is deleting certs needed for SSL LDAP Squid auth

    • CZvacko

      In 2.4.5-p1 I installed 3 files with certificates into /etc/ssl/certs/, then I was able to use SSL LDAP auth in Squid. But after the upgrade, these files were missing. I assumed it was the result of an update, so I copied them back. But after a reboot, the files are AGAIN gone. What to do?

      BTW, it seems the update also broke squidGuard functionality with my config (I'm using "mixed auth mode" described here). It just allows everything, even the deny category in the ACL. To make it work, I tried pressing "Apply", and also tried a reboot. The problem remains...

      • viktor_g (Netgate) @CZvacko

        @czvacko said in 2.5.0 is deleting certs needed for SSL LDAP Squid auth:

        In 2.4.5-p1 I installed 3 files with certificates into /etc/ssl/certs/, then I was able to use SSL LDAP auth in Squid. But after the upgrade, these files were missing. I assumed it was the result of an update, so I copied them back. But after a reboot, the files are AGAIN gone. What to do?

        Please use the System / Cert Manager to import your certificates.
        With pfSense 2.5 you can import it into the OS certificate store:
        Screenshot from 2021-02-20 15-15-40.png

        https://docs.netgate.com/pfsense/en/latest/certificates/ca.html:
        When creating a CA entry, the following options are available:

        Trust Store

        Controls whether or not this CA is added to the certificate trust store on the firewall. When added to the trust store, a CA will be considered valid for all certificate operations performed by the operating system. If the firewall must contact a server using a certificate issued by a private CA, this allows such certificates to be trusted by client programs such as LDAP authentication, SMTP notifications, URL table connections, and many others.

        • CZvacko

          @viktor_g
          OK, this worked 👍
          But my 1st attempt failed, I probably didn't follow the sequence of authorities inside the certificates, so I deleted them all, and in the 2nd attempt (with a good sequence) it's OK and Squid auth works.

          How about squidGuard? Were there any changes in the source code?

          • viktor_g (Netgate) @CZvacko

            @czvacko said in 2.5.0 is deleting certs needed for SSL LDAP Squid auth:

            How about squidGuard? Were there any changes in the source code?

            Please create a new topic/bug report for this issue.

            Could be related to https://redmine.pfsense.org/issues/11434
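
A way to check which CA issued which, and whether an LDAP server certificate validates with a given set of CAs, before importing them as discussed in this thread. This is an added example, not from the posts; it builds a throwaway PKI, all names, subjects and paths are constructed, and the `openssl` CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example: every name, subject and path below is a constructed sample value.
set -eu

# Build a throwaway PKI in directory $1: root CA -> intermediate CA -> LDAP server cert.
make_pki() {
  d=$1; mkdir -p "$d"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  for n in root inter ldap; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example-$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
  done
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/inter.pem" 2>/dev/null
  openssl x509 -req -in "$d/ldap.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
    -CAcreateserial -days 2 -out "$d/ldap.pem" 2>/dev/null
}

# True when the subject of CA file $1 equals the issuer of certificate $2.
# issued_by X X is true for a self-issued (root) certificate.
issued_by() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$2" -noout -issuer_hash)" ]
}

# validates LEAF CA...: true when LEAF verifies with the given CA files passed as -CAfile.
validates() {
  leaf=$1; shift
  bundle=$(mktemp); cat "$@" > "$bundle"
  if openssl verify -CAfile "$bundle" "$leaf" >/dev/null 2>&1; then rc=0; else rc=1; fi
  rm -f "$bundle"; return "$rc"
}

demo() {
  t=$(mktemp -d); make_pki "$t"
  issued_by "$t/root.pem" "$t/root.pem" && echo "root.pem is self-issued (root CA)"
  issued_by "$t/root.pem" "$t/inter.pem" && echo "inter.pem was issued by root.pem"
  for cas in "root" "inter" "root inter"; do
    files=""; for n in $cas; do files="$files $t/$n.pem"; done
    # $files is intentionally unquoted so it splits into one argument per CA file
    if validates "$t/ldap.pem" $files; then r=OK; else r=FAIL; fi
    echo "CAs available: [$cas] -> server certificate $r"
  done
  rm -rf "$t"
}
demo
```

With only the root or only the intermediate available, verification of the server certificate fails; with both CAs present it succeeds.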

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.