struggling with Certificates
Hi Nooby here. Hope this is the right place for my topic.
I have bought an SG1100 for my home/office network. It has not arrived yet so I launched pfsense V2.4.4 on an old computer to try to learn the trade. It has been up for more than a week. I have added pfBlockerNG and Snort. They seem to work.
What I really want next is an OpenVPN server to gain protection as a road warrior.
I have had many many goes but can't get it to work. I followed a blow by blow instruction set from ceos3c. I got as far as seeing the remote iPhone OVPN traffic bouncing off the firewall but no response from the server - why I don't know yet because the wizard is supposed to create a rule to let it in. I felt I could maybe figure it out but went right back to the start to begin again.
Problem - soon failed because this time the certificate manager would not create a server certificate; it kept returning:
"The following input errors were detected:
openssl library returns: error:0906D06C:PEM routines:PEM_read_bio:no start line
openssl library returns: error:0906D06C:PEM routines:PEM_read_bio:no start line"
I see this has happened before, but I am so new I don't know how to find what the solution was. However, that was several pfsense versions ago.
Now I am stuck and unsure what to do next. I feel like I should be able to climb over the wreckage and get pfsense to clean up the configuration. Maybe that does not always work?
What is happening?
Any assistance gratefully received
Grimson
I followed a blow by blow instruction set from ceos3c
Better follow official sources:
Thank you for the documentation references. I have not made myself clear. I have been creating certificates successfully for a week following blow by blow guides. It is all based on a self certificate authority so no outside references. Authority certificate successful. User certificate successful.
Server certificate not successful as per first post. Why? It all worked last week.
If it worked and then stopped, it's most likely:
- Something in your input -- perhaps a value in one of the fields is to blame
- A problem with your clock/time/date
- Something else modified on the firewall that shouldn't have been (e.g. tinkering with
I am grateful for your reply. What I did eventually after trying everything I could think of was to reload the configuration to an apparently safe previous state but to no avail. Finally I reloaded the 126.96.36.199 distro and rebuilt to where I was when the calamity made its appearance and all was well. Once in the clear I clicked for the 188.8.131.52 and that loaded beautifully.
You will be right I am sure but I just could not find it. As a noob I am a great deal clumsy and inattentive but I now have a working installation with OVPN server and clients, pfBlockerNG and Snort. I await delivery of my SG1100. What I am running on is an old AMD Athlon 2core with hardware crypto acceleration. I don't think that is working yet on the SG1100.
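Added example (not part of the thread, and not pfSense or OpenSSL code): a simplified model of the PEM framing checks behind the `PEM_read_bio:no start line` error quoted in the first post. It shows how a blank, header-less or indented paste in a certificate or key field (the "something in your input" case suggested in the reply above) ends in that same error. The `diagnose_pem` helper and all sample inputs are constructed for illustration.

```python
import base64
import binascii
import re

# PEM framing markers; in this model they must start at column 0 of a line.
BEGIN_RE = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")
END_RE = re.compile(r"^-----END ([A-Z0-9 ]+)-----$")


def diagnose_pem(text):
    """Return (status, label) for a PEM blob. Hypothetical helper, simplified model."""
    # Trailing whitespace and CR are ignored; leading whitespace is kept on purpose.
    lines = [ln.rstrip() for ln in text.splitlines()]
    begin = next((i for i, ln in enumerate(lines) if BEGIN_RE.match(ln)), None)
    if begin is None:
        # Empty input, bare base64, or an indented header all end up here.
        return ("no start line", None)
    label = BEGIN_RE.match(lines[begin]).group(1)
    end = next((i for i in range(begin + 1, len(lines)) if END_RE.match(lines[i])), None)
    if end is None:
        return ("no end line", label)
    if END_RE.match(lines[end]).group(1) != label:
        return ("label mismatch", label)
    try:
        der = base64.b64decode("".join(lines[begin + 1:end]), validate=True)
    except (binascii.Error, ValueError):
        return ("bad base64 body", label)
    return ("ok", label) if der else ("empty body", label)


# Constructed sample data: the body is arbitrary bytes, not a real certificate.
_BODY = base64.b64encode(b"constructed sample bytes, not a real certificate").decode()
SAMPLES = {
    "well-formed": f"-----BEGIN CERTIFICATE-----\n{_BODY}\n-----END CERTIFICATE-----\n",
    "blank field": "",
    "body only": _BODY + "\n",
    "indented paste": f"  -----BEGIN CERTIFICATE-----\n{_BODY}\n  -----END CERTIFICATE-----\n",
    "truncated": f"-----BEGIN CERTIFICATE-----\n{_BODY}\n",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        status, label = diagnose_pem(blob)
        print(f"{name:15s} -> {status} ({label})")
```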