Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    CA Certificate renewal went wrong

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 3 Posters 999 Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G Offline
      Gho57rid3r
      last edited by

      Good day all,

      Long time user, first time poster. I recently had to renew my certificate, something i haven't done previously. i went into the certificate and chose reissue/renew. After a brief pause and the firewall reset, i was back in action. Found out after that when i try to re authenticate with pfSense i now get an error message.

      NET::ERR_CERT_INVALID

      I have cleared my cookies and cache but nothing.

      I can still access pfSense through Firefox, but not through Safari or Chrome. Clearly i did something wrong. I did google the error but not sure where to start on fixing on this.

      Any assistance or a point the right direction would be appreciated.

      Thanks,

      S 1 Reply Last reply Reply Quote 0
      • stephenw10S Offline
        stephenw10 Netgate Administrator
        last edited by

        If it's the webgui cert you can create a new one from the command line using the php shell:

        pfSsh.php playback generateguicert
        

        Steve

        G 1 Reply Last reply Reply Quote 0
        • S Offline
          SteveITS Rebel Alliance @Gho57rid3r
          last edited by

          @gho57rid3r Have run into this also and I've seen it before here. It is the "the website sent scrambled credentials that Google Chrome cannot process" message I assume?

          You can bypass the warning while, on the error page, type “badidea” or “thisisunsafe” directly in chrome on the same page (just type into nothing).

          Here's a Google forum thread from a couple years ago.

          Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
          Upvote 👍 helpful posts!

          1 Reply Last reply Reply Quote 1
          • G Offline
            Gho57rid3r @stephenw10
            last edited by

            @stephenw10

            hmmm.. i tried that and i got back

            Line 1 appears to have generated an error, and has been highlighted. The full response is below.
            Note that the line number in the full PHP response will be 6 lines too large. Nested code and eval() errors may incorrectly point to "line 1".

            1: pfSsh.php playback generateguicert

            Thanks.

            S 1 Reply Last reply Reply Quote 0
            • S Offline
              SteveITS Rebel Alliance @Gho57rid3r
              last edited by

              @gho57rid3r Did you run it as a shell command (command line)? That looks like it was run under PHP.

              FWIW we had tried regenerating the cert/CA cert a few times and just used the above to bypass the Chrome warning since as I recall it was not every PC in our office. And it is a self signed cert so would have the browser warning anyway.

              Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
              When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
              Upvote 👍 helpful posts!

              1 Reply Last reply Reply Quote 0
              • stephenw10S Offline
                stephenw10 Netgate Administrator
                last edited by

                Yup, sorry if you use the actual php shell directly you just need to run: playback generateguicert

                If you're at the command line you can invoke the shell with the full command:

                [22.01-BETA][root@pfSense.home.arpa]/root: pfSsh.php playback generateguicert
                Generating a new self-signed SSL/TLS certificate for the GUI...Done.
                Restarting webConfigurator...Done.
                

                Steve

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.