I keep getting these E-mail's from pfSense
-
The subject of the message is:
Arpwatch Notification : Cron <root@pfSense> /usr/bin/nice -n20 /etc/rc.update_bogons.sh
The content of the message is:
Certificate verification failed for /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root 34374270280:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:/build/ce-crossbuild-245/sources/FreeBSD-src/crypto/openssl/ssl/s3_clnt.c:1269: fetch:
-
@ikifar said in I keep getting these E-mail from pfSense:
/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
Who is this ?
This : (see other thread how to make this visible ) :
* subject: OU=Domain Control Validated; OU=PositiveSSL Wildcard; CN=*.pfsense.org * start date: Aug 10 00:00:00 2018 GMT * expire date: Aug 21 23:59:59 2020 GMT * subjectAltName: host "files.pfsense.org" matched cert's "*.pfsense.org" * issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA * SSL certificate verify ok.
Me : C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation
You : /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA RootThe 'bogons' live here :
files.pfsense.org/lists/fullbogons-ipv4.txt
files.pfsense.org/lists/fullbogons-ipv6.txtor
files.pfsense.org :files.pfsense.org has address 162.208.119.40 files.pfsense.org has address 162.208.119.41 files.pfsense.org has IPv6 address 2607:ee80:10::119:41 files.pfsense.org has IPv6 address 2607:ee80:10::119:40
Just 2 IPv4 and IPv6 addresses - The second IPv4 doesn't work (162.208.119.41 - Connection refused), the first one is used.
-
* Trying 162.208.119.41:443... * TCP_NODELAY set * connect to 162.208.119.41 port 443 failed: Connection refused * Trying 162.208.119.40:443... * TCP_NODELAY set * Connected to files.pfsense.org (162.208.119.40) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: /usr/local/share/certs/ca-root-nss.crt CApath: none * TLSv1.2 (OUT), TLS header, Certificate Status (22): * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Change cipher spec (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN, server accepted to use http/1.1 * Server certificate: * subject: OU=Domain Control Validated; OU=PositiveSSL Wildcard; CN=*.pfsense.org * start date: Aug 10 00:00:00 2018 GMT * expire date: Aug 21 23:59:59 2020 GMT * subjectAltName: host "files.pfsense.org" matched cert's "*.pfsense.org" * issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA * SSL certificate verify ok. > GET /lists/fullbogons-ipv4.txt HTTP/1.1 > Host: files.pfsense.org > User-Agent: curl/7.67.0
-
@ikifar said in I keep getting these E-mail's from pfSense:
- issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA
You're fine now.
-
I haven't received any E-mails today so lets hope so