Netgate Discussion Forum

    DNSBL Certificate Error: INVALID CA

    Category: pfBlockerNG (2 posts, 1 poster, 1.2k views)
      rsaanon

      ENV: pfSense v2.4.3, pfBlockerNG v2.1.2_2

      Please see attached screenshots..

      Background: When accessing sites blocked by DNSBL, I get an SSL error: CERTIFICATE AUTHORITY INVALID error on the latest Chrome as well as Firefox browsers. As suggested by other related posts on the forum, I have edited pfBlockerNG.inc line#3630 so the pfBlockerNG/DNSBL does not use the DNSBL VIP; the modified line looks like:

      ```php
      // Blocked names resolve to 0.0.0.0 instead of the DNSBL VIP (inner quotes escaped)
      $domain_data .= "local-data: \"" . $line . " 60 IN A 0.0.0.0\"\n";
      ```

      
      To @BBcan177:
      I use an internal self-signed CA to generate user & server certificates for OpenVPN purposes.
      Should DNSBL be using the internal/self-signed CA Authority for creating certificates in order to avoid SSL Cert errors? I would assume that in most scenarios, the internal CA created under pfSense is set up as a Trusted CA by the client machines (as it is in my home network). Having this configuration set up would eliminate the errors mentioned.
      ![DNSBL_Cert.PNG](/public/_imported_attachments_/1/DNSBL_Cert.PNG)
      ![DNSBL_Chrome_CA_INVALID.PNG](/public/_imported_attachments_/1/DNSBL_Chrome_CA_INVALID.PNG)
        rsaanon

        BTW, after making changes to pfBlockerNG.inc:

        ```
        head -10 pfb_dnsbl.conf

        local-data: "004b17a0c349157de.com 60 IN A 0.0.0.0"
        local-data: "006a039c957c142bb.com 60 IN A 0.0.0.0"
        local-data: "007-gateway.com 60 IN A 0.0.0.0"
        local-data: "0073dd485d46d930dd9.com 60 IN A 0.0.0.0"
        local-data: "00aaa2d81c1d174.com 60 IN A 0.0.0.0"
        local-data: "00e20f955428d.com 60 IN A 0.0.0.0"
        local-data: "00zasdf.pw 60 IN A 0.0.0.0"
        local-data: "012469af389a1d1246d.com 60 IN A 0.0.0.0"
        local-data: "0194c6fcbb3.com 60 IN A 0.0.0.0"
        local-data: "019f2d2d415.review 60 IN A 0.0.0.0"
        ```

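The thread's fix changes where blocked names resolve: to 0.0.0.0 instead of the DNSBL VIP, so the browser never completes a TLS handshake with the block page and never sees its certificate. The script below is an added example (not from the post and not pfBlockerNG's own code) that parses the unbound `local-data:` lines of a pfb_dnsbl.conf as shown above and reports which address each blocked name resolves to, so an admin can confirm after editing pfBlockerNG.inc that no entries still point at the VIP. The sample input is constructed: the ten lines from the post, plus one line with a placeholder VIP-style address (10.10.10.1, an assumption) and one malformed line to show the error path.

```python
# Added example: validator for unbound "local-data:" lines in pfb_dnsbl.conf.
# Not pfBlockerNG code; the record layout is taken from the lines in the post.
import re
from collections import Counter
from typing import List, NamedTuple, Tuple

# One unbound local-data record: local-data: "<name> <ttl> IN <A|AAAA> <address>"
LOCAL_DATA_RE = re.compile(
    r'^\s*local-data:\s*"(?P<name>[^\s"]+)\s+(?P<ttl>\d+)\s+IN\s+'
    r'(?P<rtype>A|AAAA)\s+(?P<rdata>[^\s"]+)"\s*$'
)


class LocalData(NamedTuple):
    name: str
    ttl: int
    rtype: str
    rdata: str


def parse_local_data(text: str) -> Tuple[List[LocalData], List[Tuple[int, str]]]:
    """Parse local-data lines; return (records, malformed lines with their line numbers)."""
    records: List[LocalData] = []
    malformed: List[Tuple[int, str]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments carry no record
        m = LOCAL_DATA_RE.match(line)
        if m is None:
            malformed.append((lineno, line))  # unbound would reject this line too
            continue
        records.append(LocalData(m["name"], int(m["ttl"]), m["rtype"], m["rdata"]))
    return records, malformed


def sinkhole_summary(records: List[LocalData]) -> Counter:
    """Count how many blocked names resolve to each address."""
    return Counter(r.rdata for r in records)


def not_sinkholed_to(records: List[LocalData], expected: str = "0.0.0.0") -> List[LocalData]:
    """Records still pointing somewhere other than the expected sinkhole address (e.g. a VIP)."""
    return [r for r in records if r.rdata != expected]


def audit(text: str, expected: str = "0.0.0.0") -> dict:
    """One-shot report: totals per address, names not yet sinkholed, and malformed lines."""
    records, malformed = parse_local_data(text)
    return {
        "total": len(records),
        "by_address": dict(sinkhole_summary(records)),
        "not_sinkholed": [r.name for r in not_sinkholed_to(records, expected)],
        "malformed_lines": [n for n, _ in malformed],
    }


# Constructed sample: the ten lines from the post, then one VIP-style line
# (10.10.10.1 is a placeholder, not taken from the thread) and one malformed line.
SAMPLE_CONF = """\
local-data: "004b17a0c349157de.com 60 IN A 0.0.0.0"
local-data: "006a039c957c142bb.com 60 IN A 0.0.0.0"
local-data: "007-gateway.com 60 IN A 0.0.0.0"
local-data: "0073dd485d46d930dd9.com 60 IN A 0.0.0.0"
local-data: "00aaa2d81c1d174.com 60 IN A 0.0.0.0"
local-data: "00e20f955428d.com 60 IN A 0.0.0.0"
local-data: "00zasdf.pw 60 IN A 0.0.0.0"
local-data: "012469af389a1d1246d.com 60 IN A 0.0.0.0"
local-data: "0194c6fcbb3.com 60 IN A 0.0.0.0"
local-data: "019f2d2d415.review 60 IN A 0.0.0.0"
local-data: "still-on-vip.example 60 IN A 10.10.10.1"
local-data: "broken.example 60 IN A"
"""

if __name__ == "__main__":
    import json
    # On a real firewall: audit(open("/var/unbound/pfb_dnsbl.conf").read())
    print(json.dumps(audit(SAMPLE_CONF), indent=2))
```

Run it against the real file after a pfBlockerNG update as well as after the edit: a Force Reload regenerates pfb_dnsbl.conf from the .inc, so an entry reappearing with the VIP address is the quickest sign the manual change was overwritten by a package upgrade.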
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.