added my renew ssl certificate to one of my PFSense and the web interface stopped working.
-
Hi,
I added my renewed SSL certificate to one of my PFSense and the web interface stopped working.
In SSH I tried a rc.restart.webgui and got "Restarting webConfigurator...Error: cannot open certification file in system_webgui_start(). Done"
What can I do?
-
@PhilJans said in added my renew ssl certificate to one of my PFSense and the web interface stopped working.:
In SSH I tried a rc.restart.webgui and got
Why?
Option 11 is the same thing.
@PhilJans said in added my renew ssl certificate to one of my PFSense and the web interface stopped working.:
What can I do?
Use option 15 and choose a config from 'just before'.
Then focus on that "adding renewed cert": adding a cert that does not have the right format should not break the GUI, because the GUI is not using that cert.
-
Option 15 worked!! Tx!
Now I do not know why installing my certificate broke the GUI, but it DID.
That's a question that needs to be asked of Netgate.
Now I will try again to install it or a different one and at least, if it breaks the gui, I'll know what to do.
Thanks
-
You are aware of the fact that pfSense can handle certificates just fine? I'm talking about the trusted ones. You have a domain name, so take a look at the acme package.
That said, there is a lot of type checking done before a cert is accepted. I'm somewhat curious what you are trying to feed into pfSense ...
I advise you to import a cert, and when it's ok, only then have the GUI actually using it - switching over to it.
-
It's definitively a bug from pfSense and I know where.
I tried again adding the "certificate data" I had and the "private key data" and switching the webConfigurator to it, and every time the web console stops working.
What I did after is I exported from my other pfSense the certificate and the private key (so weird it lets you export a private key...) and I used both of them in my problematic pfSense and the web interface didn't crash.
So I haven't compared the 2 pieces of information, but my conclusion is that pfSense accepts an import of a "Certificate Data" and a "Private Key Data" that do not go together but then it crashes the whole console after reloading it.
-
Your cert info looks like this:
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
?
The "Certificate Private Key (optional)" is optional.
Needed if you want to revoke the cert, something that has no real meaning for a "firewall GUI".
Try with this part.
Also: there is / was some cert issue, resolved in the 2.5.0 dev version. Check Redmine.
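
Added example, not part of the thread and not pfSense code: a shell check, using the standard openssl CLI, that a PEM certificate and a PEM private key belong together before the webConfigurator is switched to them, which is the mismatch suspected above. The function name, exit codes and script name are this example's own assumptions; the file paths are whatever you pass in.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the openssl CLI is on PATH.
#
# cert_key_match CERT.pem KEY.pem
#   returns 0 if the key's public half equals the certificate's public key,
#           1 if both files parse but belong to different key pairs,
#           2 if either file is missing, not valid PEM, or passphrase-protected.
cert_key_match() {
    # Public key (SubjectPublicKeyInfo, PEM) embedded in the certificate.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the private key. The empty -passin makes an
    # encrypted key fail here instead of prompting on the terminal.
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] || return 2
    # Works for RSA and EC alike: both commands emit the same PEM encoding.
    [ "$cert_pub" = "$key_pub" ]
}

# Command-line use (script name is hypothetical):
#   sh check_pair.sh cert.pem key.pem
if [ "$#" -eq 2 ]; then
    if cert_key_match "$1" "$2"; then
        echo "OK: certificate and private key match"
    else
        rc=$?
        if [ "$rc" -eq 1 ]; then
            echo "MISMATCH: key does not belong to this certificate" >&2
        else
            echo "ERROR: could not read certificate or key" >&2
        fi
        exit "$rc"
    fi
fi
```

Run it on the two PEM files saved from the "Certificate data" and "Private key data" fields before importing them; anything other than exit status 0 means the pair should not be assigned to the GUI.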