Problem with certificate manager



  • Hi,

    I have a pfSense installation on which one I cannot create internal certificate.
    I can create a CA without problem, I can correctly export cert and key.
    But when I create a new cert, the certificate is an empty file and I cannot export any private key.
    On a clean pfSense installation I create CA and certs with same settings without any problem.

    Where can I found log for certificate manager?
    Is there some command line tools for the psSense's certificate manager I can use debug this installation?


  • Rebel Alliance Developer Netgate

    What version are you on?

    What exact settings are you putting in each field when creating the CA and certificate? Anything special about it?



  • I upgraded from 2.3.x to last stable 2.4.x before to add the CA.
    I leave default settings for CA and certificates (key length: 2048, digest: SHA256, Lifetime: 3650) and fill all information fields without any special characters.
    I try on a new pfSense installation to test exactly same settings and its working well.


  • Rebel Alliance Developer Netgate

    If it works on a fresh installation then there must be some part of that previous upgrade that failed.

    If you run "pfSense-upgrade" from a console or ssh shell, does it find anything that needs updated?

    Does "pkg version -vL=" show anything?



  • All packages are up to:

    pkg version -vL=
    Updating pfSense-core repository catalogue...
    pfSense-core repository is up to date.
    Updating pfSense repository catalogue...
    pfSense repository is up to date.
    All repositories are up to date.
    pfSense-upgrade
    >>> Updating repositories metadata... 
    Updating pfSense-core repository catalogue...
    pfSense-core repository is up to date.
    Updating pfSense repository catalogue...
    pfSense repository is up to date.
    All repositories are up to date.
    >>> Unlocking package pfSense-kernel-pfSense... done.
    >>> Setting vital flag on pkg... done.
    >>> Setting vital flag on pfSense... done.
    Your packages are up to date
    

Log in to reply