added my renew ssl certificate to one of my PFSense and the web interface stopped working.



  • Hi,
    I added my renew ssl certificate to one of my PFSense and the web interface stopped working.
    In SSH I tried a rc.restart.webgui and got

    "Restarting webConfigurator...Error: cannot open certification file in system_webgui_start(). Done"
    What can I do?



  • @PhilJans said in added my renew ssl certificate to one of my PFSense and the web interface stopped working.:

    In SSH I tried a rc.restart.webgui and got

    Why ?
    Option 11 is the same thing.

    @PhilJans said in added my renew ssl certificate to one of my PFSense and the web interface stopped working.:

    What can I do?

    Use option 15 and choose a config from 'just before'.

    Then focus on that "adding renewed cert": adding a cert that does not have the right format should not break the GUI, because the GUI is not using that cert.



  • option 15 worked !! tx!

    Now I do not know why installing my certificate broke the GUI : but it DID.

    That's a question that needs to be asked to Netgate.

    Now I will try again to install it or a different one and at least, if it breaks the gui, I'll know what to do.

    Thanks



  • You are aware of the fact that pfSense can handle certificates just fine ? I'm talking about the trusted ones. You have a domain name, so take a look at the acme package.

    That said, there is a lot of type checking done before a cert is accepted. I'm somewhat curious what you are trying to feed into pfSense ...
    I advise you to import a cert, and when it's ok, only then have the GUI actually using it - switching over to it.



  • It's definitely a bug from PfSense and I know where.

    I tried again adding the "certificate data" I had and the "private key data" and switching the webConfigurator to it and every time the web console stops working.

    What I did after is I exported from my other pfsense the certificate and the private key (so weird it lets you export a private key...) and I used both of them in my problematic pfsense and the web interface didn't crash.

    So I haven't compared the 2 pieces of information but my conclusion is that pfsense accepts an import of a "Certificate Data" and a "Private Key Data" that do not go together but then it crashes the whole console after reloading it.
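
The post above suspects a "Certificate Data" / "Private Key Data" pair that do not go together, and an earlier reply advises confirming a cert is OK before switching the GUI to it. The following is an added example, not code from this thread or from pfSense, that checks such a pair offline with the `openssl` CLI; the function names, file names and the sample CN are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify that a certificate and a private key belong together
# BEFORE pasting them into the firewall's certificate import form.
# Function and file names are hypothetical; requires the openssl CLI.

# Print the PEM public key embedded in a certificate.
spki_from_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Derive the PEM public key from an unencrypted private key (RSA or EC).
# "-passin pass:" makes an encrypted key fail instead of prompting.
spki_from_key() { openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null; }

# stdin: PEM public key. stdout: SHA-256 of its DER encoding.
fingerprint() {
    openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Return 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
cert_key_match() {
    cert_pub=$(spki_from_cert "$1") || { echo "cannot parse certificate: $1" >&2; return 2; }
    key_pub=$(spki_from_key "$2") || { echo "cannot parse private key: $2" >&2; return 2; }
    cert_fp=$(printf '%s\n' "$cert_pub" | fingerprint)
    key_fp=$(printf '%s\n' "$key_pub" | fingerprint)
    if [ "$cert_fp" = "$key_fp" ]; then
        echo "MATCH sha256=$cert_fp"
        return 0
    fi
    echo "MISMATCH cert=$cert_fp key=$key_fp" >&2
    return 1
}

# Constructed sample data: a throwaway self-signed cert with its key,
# plus an unrelated key that must be rejected.
make_constructed_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=fw.example.test" \
        -keyout "$1/gui.key" -out "$1/gui.crt" 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# Usage: sh check_pair.sh cert.pem key.pem
if [ "$#" -eq 2 ]; then
    cert_key_match "$1" "$2"
fi
```

Exit status 1 means the two pieces do not share a public key; status 2 means one of the files is not a parsable certificate or unencrypted private key.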



  • Your cert info looks like this :
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----

    ?

    The "Certificate Private Key (optional)" is optional.
    Needed if you want to revoke the cert, something that has no real meaning for a "firewall GUI".
    Try with this part.

    Also : there is / was some cert issue, resolved in the 2.5.0 dev version. Check redmine.

