Netgate Discussion Forum

CRL Errors using externally signed CA

  • R
    randomguy228
    last edited by stephenw10 Oct 16, 2021, 4:34 PM Oct 15, 2021, 7:30 PM

    Version affected: pfSense CE 2.5.0-RELEASE (amd64)

    Fatal error: Uncaught Error: Call to a member function findContext() on null in /usr/local/share/openssl_x509_crl/X509_CERT.php:56 Stack trace: 
    #0 /usr/local/share/openssl_x509_crl/X509_CRL.php(98): Ukrbublik\openssl_x509_crl\X509_CERT::getExtVal_Subject('') 
    #1 /etc/inc/certs.inc(1044): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, Resource id #61, false) 
    #2 /etc/inc/openvpn.inc(1250): crl_update(Array) 
    #3 /etc/inc/openvpn.inc(1448): openvpn_reconfigure('server', Array) 
    #4 /etc/inc/openvpn.inc(1675): openvpn_restart('server', Array) 
    #5 /usr/local/www/vpn_openvpn_server.php(736): openvpn_resync('server', Array) 
    #6 {main} thrown in /usr/local/share/openssl_x509_crl/X509_CERT.php on line 56 PHP ERROR: Type: 1, File: /usr/local/share/openssl_x509_crl/X509_CERT.php, Line: 56, Message: Uncaught Error: Call to a member function findContext() on null in /usr/local/share/openssl_x509_crl/X509_CERT.php:56 Stack trace: 
    #0 /usr/local/share/openssl_x509_crl/X509_CRL.php(98): Ukrbublik\openssl_x509_crl\X509_CERT::getExtVal_Subject('') 
    #1 /etc/inc/certs.inc(1044): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, Resource id #61, false) 
    #2 /etc/inc/openvpn.inc(1250): crl_update(Array) 
    #3 /etc/inc/openvpn.inc(1448): openvpn_reconfigure('server', Array) 
    #4 /etc/inc/openvpn.inc(1675): openvpn_restart('server', Array) 
    #5 /usr/local/www/vpn_openvpn_server.php(736): openvpn_resync('server', Array) 
    #6 {main} thrown
    

    Receiving the above fatal error when adding a CRL to an OpenVPN Server or when attempting to revoke certificates.

    The CRL was created internally (within pfsense) using an externally signed CA cert/key (which was previously imported into pfsense).

    As a test I created a self-signed CA certificate, created a CRL using it and added it to the OpenVPN server, and do not receive any critical errors. For this test CRL, I can create and revoke certificates without error.

    So it seems the CRL on my pfsense functions properly with a self-signed CA cert/key, but not an externally signed CA Cert/key.

    The externally signed CA certificate and key includes the trust chain (intermediate and root certs) and contains the following parameters:

    Signature Digest: RSA-SHA384
    KU: Certificate Sign, CRL Sign
    Key Type: RSA
    Key Size: 3072
    
    • S
      stephenw10 Netgate Administrator
      last edited by Oct 16, 2021, 4:37 PM

      You should test in 2.5.2. However, it looks like this known issue: https://redmine.pfsense.org/issues/9889

      Also see: https://redmine.pfsense.org/issues/12327

      Steve

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.