Can't remove broken Certificate Authority
-
After restoring my 2.5.0 pfSense firewall from physical to a virtual machine (Proxmox) there is a problem with one of the Certificate Authorities. And a PHP error shows up every time.
When I check my Certificate Authorities I can't select delete (the edit, export and delete icons are not there).
Does anyone know how to remove this Certificate Authority ?
-
@boumacor Have you tried rebooting and then immediately going to the certificates after logging in, to see whether it allows you to delete?
-
Is the new VM also pfSense 2.5.0? Did you set the update branch to deprecated before installing acme if so?
Steve
-
@nollipfsense After a reboot the problem is the same. The 3 icons don't show. I've tried 2 times.
@stephenw10 I didn't set the update branch to 2.5.0. Just used the 2.5.0 installer in my VM and then restored the configuration. Acme is already gone from the system, but now the CA seems to be the problem.
Any ideas how to fix this ?
-
@boumacor said in Can't remove broken Certificate Authority:
Any ideas how to fix this ?
And it's easier than you think ;)
Use the very first trick that pfSense offers you : delete it using tools you trust and manage : a text editor (Install Notepad++).
Get a first complete config backup, put this in a safe place. If anything goes wrong, you will be back at where you started.
Get a second copy, open it using Notepad++ and look for these (example) :
Delete your <ca> .... </ca>
You'll recognise it when looking at the description field.
Remember to respect leading tabs, spaces, whatever, do a clean cut.
Save the file.
Import it back in pfSense.
Have pfSense reboot.
Done.
-
I would guess that what happened here is when you restored the config it pulled in the acme package from 2.6 (the current stable version) and that broke some of the cert libs required.
If you need to do it again I would either install 2.6 directly or upgrade the VM to 2.6 before you restore the config.
Steve
-
Yep, that's another possible issue : Installing a package (always the latest version) on a pfSense system that is not on the latest (2.6.0 if you use the free edition) version can work out fine.
More often it breaks stuff.
That's why :
If you decide NOT to keep pfSense on the latest version then you also decide not to upgrade / install packages any more.
Not respecting this rule is like playing with a six barrel gun and a bullet.
( we all saw the movie Deerhunter once in our lives, right ? )
Read / click on the image :
Note : with some 'small' packages, like "Notes", you might get away with it.
When you see this :
and you see that huge stuff like php74 gets pulled in - and knowing that pfSense also uses php7x for its WebGUI, I would consider that as a huge red flag.
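
The config-backup edit described earlier in the thread (cut the `<ca> .... </ca>` block, leave every other byte alone) can also be scripted. This is an added example, not code from any poster or from pfSense; the `<descr>`, `<refid>` and `<caref>` tag names and the sample config are assumptions about how the backup is laid out, so check them against your own file first.

```python
import re

# Constructed sample shaped like a pfSense config.xml backup (not from the thread).
# Assumed layout: <ca> holds <refid>/<descr>; <cert> points at its CA via <caref>.
SAMPLE = """<?xml version="1.0"?>
<pfsense>
\t<ca>
\t\t<refid>aaa111</refid>
\t\t<descr><![CDATA[Broken ACME CA]]></descr>
\t\t<crt>QkFTRTY0</crt>
\t</ca>
\t<ca>
\t\t<refid>bbb222</refid>
\t\t<descr><![CDATA[Internal CA]]></descr>
\t\t<crt>QkFTRTY0</crt>
\t</ca>
\t<cert>
\t\t<refid>ccc333</refid>
\t\t<descr><![CDATA[webgui]]></descr>
\t\t<caref>bbb222</caref>
\t</cert>
</pfsense>
"""

CA_BLOCK = re.compile(r"^[ \t]*<ca>.*?</ca>[ \t]*\r?\n", re.S | re.M)
DESCR = re.compile(r"<descr>(?:<!\[CDATA\[)?(.*?)(?:\]\]>)?</descr>", re.S)
REFID = re.compile(r"<refid>(.*?)</refid>", re.S)

def remove_ca(config_text, descr):
    """Cut the single <ca> block whose description equals descr.
    Returns (new_text, refid, count of <caref> entries still pointing at it)."""
    hits = []
    for m in CA_BLOCK.finditer(config_text):
        d = DESCR.search(m.group(0))
        if d and d.group(1).strip() == descr:
            hits.append(m)
    if len(hits) != 1:  # refuse to guess when the name is missing or ambiguous
        raise ValueError(f"expected exactly one CA named {descr!r}, found {len(hits)}")
    m = hits[0]
    r = REFID.search(m.group(0))
    refid = r.group(1).strip() if r else None
    new_text = config_text[:m.start()] + config_text[m.end():]  # rest stays byte-identical
    dangling = new_text.count(f"<caref>{refid}</caref>") if refid else 0
    return new_text, refid, dangling

if __name__ == "__main__":
    text, refid, dangling = remove_ca(SAMPLE, "Broken ACME CA")
    print(f"removed CA {refid}; {dangling} entries still reference it")
```

A non-zero third value means certificates in the backup still reference the removed CA, which is worth resolving before importing the file.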