Netgate Discussion Forum

2.5.0 is deleting certs needed for SSL LDAP Squid auth

Cache/Proxy
  • C
    CZvacko
    last edited by Feb 20, 2021, 11:25 AM

    In 2.4.5-p1 I installed 3 files with certificates into /etc/ssl/certs/, then I was able to use SSL LDAP auth in Squid. But after the upgrade, these files were missing. I assumed it was the result of an update, so I copied them back. But after a reboot, the files are AGAIN gone. What to do?

    BTW, it seems the update also broke squidGuard functionality with my config (I'm using "mixed auth mode" described here). It just allows everything, even a deny category in the ACL. To get it working, I tried pressing "Apply" and also tried a reboot. The problem remains...

    • V
      viktor_g Netgate @CZvacko
      last edited by Feb 20, 2021, 12:18 PM

      @czvacko said in 2.5.0 is deleting certs needed for SSL LDAP Squid auth:

      In 2.4.5-p1 I installed 3 files with certificates into /etc/ssl/certs/, then I was able to use SSL LDAP auth in Squid. But after the upgrade, these files were missing. I assumed it was the result of an update, so I copied them back. But after a reboot, the files are AGAIN gone. What to do?

      Please use the System / Cert Manager to import your certificates.
      With pfSense 2.5 you can import it into the OS certificate store:
      Screenshot from 2021-02-20 15-15-40.png

      https://docs.netgate.com/pfsense/en/latest/certificates/ca.html:
      When creating a CA entry, the following options are available:

      Trust Store

      Controls whether or not this CA is added to the certificate trust store on the firewall. When added to the trust store, a CA will be considered valid for all certificate operations performed by the operating system. If the firewall must contact a server using a certificate issued by a private CA, this allows such certificates to be trusted by client programs such as LDAP authentication, SMTP notifications, URL table connections, and many others.

      • C
        CZvacko
        last edited by Feb 20, 2021, 12:56 PM

        @viktor_g
        Ok, this worked 👍
        But my 1st attempt failed; I probably didn't follow the sequence of authorities inside the certificates, so I deleted them all, and in the 2nd attempt (with a good sequence) it's OK and Squid auth works.

        How about squidGuard? Were there any changes in the source code?

        • V
          viktor_g Netgate @CZvacko
          last edited by Feb 20, 2021, 1:41 PM

          @czvacko said in 2.5.0 is deleting certs needed for SSL LDAP Squid auth:

          How about squidGuard? Were there any changes in the source code?

          Please create a new topic/bugreport with this issue

          Could be related to https://redmine.pfsense.org/issues/11434
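
The third post puts the failed first import down to the sequence of the authorities. As an added example (not part of the thread and not pfSense code), this shell function lists the CA files in a directory so that each issuer comes before the CAs it signed, which is the order to import them in System / Cert Manager. The function names, file names and CNs are constructed, and matching is by OpenSSL name hash only.

```shell
#!/bin/sh
# Added example, not pfSense code. Names, paths and CNs are constructed.
# Lists CA files so every issuer precedes the CAs it signed (root first).
# Matching uses OpenSSL name hashes only; signatures are not verified.
ca_import_order() {
    dir=$1; pending=""; placed=""
    for f in "$dir"/*.pem "$dir"/*.crt; do
        [ -f "$f" ] || continue
        s=$(openssl x509 -in "$f" -noout -subject_hash 2>/dev/null) || continue
        i=$(openssl x509 -in "$f" -noout -issuer_hash 2>/dev/null) || continue
        pending="$pending$f|$s|$i
"
    done
    progress=1
    while [ -n "$pending" ] && [ "$progress" -eq 1 ]; do
        progress=0; rest=""
        while IFS='|' read -r f s i; do
            [ -n "$f" ] || continue
            case " $placed " in *" $i "*) known=1 ;; *) known=0 ;; esac
            if [ "$s" = "$i" ] || [ "$known" -eq 1 ]; then
                printf '%s\n' "$f"; placed="$placed $s"; progress=1
            else
                rest="$rest$f|$s|$i
"
            fi
        done <<EOF
$pending
EOF
        pending=$rest
    done
    # Anything left has no issuer in the directory: report it and fail.
    [ -z "$pending" ] && return 0
    printf '%s' "$pending" | while IFS='|' read -r f s i; do
        echo "issuer not found for: $f" >&2
    done
    return 1
}

# Builds a constructed root and intermediate CA for trying the function out.
make_constructed_chain() {
    d=$1; k=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Root CA" \
        -keyout "$k/root.key" -out "$d/z-root.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Constructed Intermediate CA" \
        -keyout "$k/int.key" -out "$k/int.csr" 2>/dev/null
    openssl x509 -req -in "$k/int.csr" -days 1 -CA "$d/z-root.pem" \
        -CAkey "$k/root.key" -CAserial "$k/ca.srl" -CAcreateserial \
        -out "$d/a-intermediate.pem" 2>/dev/null
}
```

A non-zero return means at least one file's issuer is absent from the directory, so that CA is still missing from the set to import.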
