2.5.0 is deleting certs needed for SSL LDAP Squid auth
-
In 2.4.5-p1 I installed 3 files with certificates into /etc/ssl/certs/, then I was able to use SSL LDAP auth in Squid. But after the upgrade, these files were missing. I assumed it was the result of an update, so I copied them back. But after a reboot, the files are AGAIN gone. What to do?
BTW, it seems the update also broke squidGuard functionality with my config (I'm using "mixed auth mode" described here). It just allows everything, even a deny category in the ACL. To make it work, I tried pressing "Apply" and also tried a reboot. The problem remains...
-
@czvacko said in 2.5.0 is deleting certs needed for SSL LDAP Squid auth:
In 2.4.5-p1 I installed 3 files with certificates into /etc/ssl/certs/, then I was able to use SSL LDAP auth in Squid. But after the upgrade, these files were missing. I assumed it was the result of an update, so I copied them back. But after a reboot, the files are AGAIN gone. What to do?
Please use the System / Cert Manager to import your certificates.
With pfSense 2.5 you can import it into the OS certificate store:
https://docs.netgate.com/pfsense/en/latest/certificates/ca.html:
When creating a CA entry, the following options are available:
Trust Store
Controls whether or not this CA is added to the certificate trust store on the firewall. When added to the trust store, a CA will be considered valid for all certificate operations performed by the operating system. If the firewall must contact a server using a certificate issued by a private CA, this allows such certificates to be trusted by client programs such as LDAP authentication, SMTP notifications, URL table connections, and many others.
-
@viktor_g
OK, this worked.
But my 1st attempt failed; I probably didn't follow the sequence of authorities inside the certificates, so I deleted them all, and in the 2nd attempt (with a good sequence) it's OK and Squid auth works.
How about squidGuard? Were there any changes in the source code?
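One way an incomplete set of trusted CAs shows up, as an added example that is not part of the original thread: it builds a constructed root, intermediate and server certificate with `openssl` and checks which trust-store contents let the server certificate verify. All names and files are made up, `trusted_ok` is a hypothetical helper standing in for the firewall's LDAP client, and the server is assumed to present only its own certificate.

```shell
#!/bin/sh
# Constructed lab PKI: root CA -> intermediate CA -> LDAPS server certificate.
# Every name and file here is made up for the example.
set -eu

# build_lab: create the three certificates in a temp dir and print its path.
build_lab() {
    d=$(mktemp -d)
    printf '[req]\ndistinguished_name=dn\n[dn]\nCN=lab\n' > "$d/req.cnf"
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    printf 'basicConstraints=CA:FALSE\n' > "$d/leaf.ext"
    for n in root inter ldap; do
        openssl req -new -newkey rsa:2048 -nodes -config "$d/req.cnf" \
            -subj "/CN=lab-$n" -keyout "$d/$n.key" -out "$d/$n.csr" >/dev/null 2>&1
    done
    # Self-signed root, then intermediate signed by root, then leaf by intermediate.
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.pem" >/dev/null 2>&1
    openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -set_serial 2 -days 2 -extfile "$d/ca.ext" -out "$d/inter.pem" >/dev/null 2>&1
    openssl x509 -req -in "$d/ldap.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
        -set_serial 3 -days 2 -extfile "$d/leaf.ext" -out "$d/ldap.pem" >/dev/null 2>&1
    echo "$d"
}

# trusted_ok DIR CA_FILE...: print "ok" if ldap.pem verifies when only the
# listed CA files are trusted, else "fail".
trusted_ok() {
    d=$1; shift
    cat /dev/null > "$d/store.pem"
    for ca in "$@"; do cat "$d/$ca" >> "$d/store.pem"; done
    if openssl verify -CAfile "$d/store.pem" "$d/ldap.pem" >/dev/null 2>&1
    then echo ok; else echo fail; fi
}

lab=$(build_lab)
echo "root CA only trusted:         $(trusted_ok "$lab" root.pem)"
echo "intermediate CA only trusted: $(trusted_ok "$lab" inter.pem)"
echo "root + intermediate trusted:  $(trusted_ok "$lab" root.pem inter.pem)"
rm -rf "$lab"
```

Against a real server, `openssl s_client -connect HOST:636 -showcerts` shows which certificates the server actually sends, and therefore which CAs still have to be in the trust store.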
-
@czvacko said in 2.5.0 is deleting certs needed for SSL LDAP Squid auth:
How about squidGuard? Were there any changes in the source code?
Please create a new topic/bug report for this issue.
Could be related to https://redmine.pfsense.org/issues/11434