Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SG-1100 Certificate verification failed and seg fault on upgrade fetching packages.

    Official Netgate® Hardware
    3
    4
    1.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      nheath
      last edited by nheath

      I tried to upgrade to 21.02_1 on my SG-1100 tonight and in the midst of fetching packages I received this error.

      [186/206] Fetching nss_ldap-1.265_13.txz: ...... done
1082884096:error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib:/usr/local/poudriere/jails/pfSense_plus-v21_02_aarch64/usr/src/crypto/openssl/ssl/statem/statem_lib.c:283:
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/CN=repo01.netgate.com
1082884096:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/local/poudriere/jails/pfSense_plus-v21_02_aarch64/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
Child process pid=67155 terminated abnormally: Segmentation fault
Failed

      It appears that it was in the midst of fetching packages and nothing was changed in the currently installed 2.4.5-RELEASE-p1 system. Is there a way forward? I'm a little hesitant try again right away.

      Looking at this post again,I may have posted it in the wrong category. My apologies. I do not know how to correct this issue.

      S T 2 Replies Last reply Reply Quote 0
      • S
        SteveITS Rebel Alliance @nheath
        last edited by SteveITS

        I just ran into this on my 2100.

        It's documented.

        "Certain cryptographic hardware can have a software-induced race condition which leads to a problematic state. In this state, pkg will crash with a segmentation fault:

        1085486128:error:14099044:SSL routines:ssl3_send_client_verify:internal error:
        Child process pid=30149 terminated abnormally: Segmentation fault

        In this case, the device must be powered off and back on to recover. A warm reboot is not sufficient to reset the hardware.

        • Navigate to Diagnostics > Halt System
        • Click Halt
        • Wait for the device to shut down. Monitor the console to ensure that the shutdown completes.
        • Unplug the power adapter
        • Plug the power adapter back in"

        Mine shut down in about 20-30s per the logs. I'd just wait a minute or so. I don't recall if the 1100 has lights? But the 2100 and 3100 don't turn the flashing lights off as Halt doesn't power off.

        After that the upgrade ran fine. Note the upgrade took about 10 minutes to finish and boot up for me, which is pretty typical on a slower write speed device. I generally allow 10-15 before I start to think about worrying.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        N 1 Reply Last reply Reply Quote 1
        • N
          nheath @SteveITS
          last edited by

          @teamits Thanks, this worked.

          However I have run into another problem with dns resolution after upgrade. I will open a new thread for that one.

          1 Reply Last reply Reply Quote 0
          • T
            Taz79 @nheath
            last edited by

            @nicheath thank you. I have the same issues now. Trying to update from 21.02.2 to 21.05 ... I will try a cold boot to see if that fixes the issues.. (I have SG-1100).

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.