Error creating new internal certificate

  • Hi everyone,

    I am trying to create a new internal certificate to use it with a pfSense user. I tried two ways:

    • The first way is creating a user and clicking on "Click to create a user certificate". It creates a certificate, but in Distinguished Name (Cert. Manager) this certificate is empty.
    • The second one is to add a new certificate in Cert. Manager and choose internal certificate. I get this error:
          openssl library returns: error:0906D06C:PEM routines:PEM_read_bio:no start line

    I used the same CA to create other internal certificates in the past. I don't know how to debug/solve this problem.

    Thanks in advance.

  • Maybe the cert of the CA is now corrupted in some way because of a software upgrade? I think this is the reason but I'm not sure.

  • Rebel Alliance Developer Netgate

    What does the CA look like in the certificate manager on the CA tab?

    An upgrade wouldn't touch, and couldn't "corrupt" a CA. Maybe you're choosing the wrong CA when creating these certificates?

  • Hi! Thanks in advance for your reply.
    I attach a capture of my CA cert in the CA tab. I checked (again) if it is the correct certificate and it is.

  • Rebel Alliance Developer Netgate

    That looks OK, at least what I can see. It's internal, not expired, etc. Maybe it's something in one of the fields of the certificate you are trying to create. Are you using any special/accented characters or other formatting that might throw it off?

    The fields should have encoding to protect all of that, but it's still worth checking just to be safe.

  • Hello gentlemen,
    I am facing exactly the same problem after installing version 2.4.3.

    Error while generating a certificate. CA works fine but not server/client certificates. CA looks great, no special characters, nothing. Same as I always use.

    Error message:  openssl library returns: error:0906D06C:PEM routines:PEM_read_bio:no start line


  • Rebel Alliance Developer Netgate

    Do you mind sending me a copy of the CA certificate (not the key) and the exact, unredacted, values you have used when trying to create this new certificate? You can send them via PM so they are not public.

  • Hello Jimp,
    Doing it right now.

