Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can't remove broken Certificate Authority

    Scheduled Pinned Locked Moved General pfSense Questions
    7 Posts 4 Posters 858 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      boumacor
      last edited by

      After restoring my 2.5.0 pfsense firewall from fystical to a virtual machine (Proxmox) there is a problem with on of the Certificate Authorities. And a PHP error show up every time.

      When I check my Certificate Authorities I can't select delete (the edit, export and delete icons are not there).

      pfsense.jpg

      Does anyone know how to remove this Certificate Authority ?

      NollipfSenseN 1 Reply Last reply Reply Quote 0
      • NollipfSenseN
        NollipfSense @boumacor
        last edited by NollipfSense

        @boumacor Had you tried reboot then immediately go to certificate after logging in, then see whether it allows you to delete?

        pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
        pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

        B 1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          Is the new VM also pfSense 2.5.0? Did you set the update branch to deprecated before installing acme if so?

          Steve

          1 Reply Last reply Reply Quote 0
          • B
            boumacor @NollipfSense
            last edited by

            @nollipfsense After a reboot the problem is the same. The 3 icons don't show. I've tryed 2 times.

            @stephenw10 I didn't set the update branch to 2.5.0. Just used the 2.5.0 installer in my VM and then restored the configuration. Acme is already gone from the system, but now the CA seems to be the problem.

            Any idea's how to fix this ?

            GertjanG 1 Reply Last reply Reply Quote 0
            • GertjanG
              Gertjan @boumacor
              last edited by

              @boumacor said in Can't remove broken Certificate Authority:

              Any idea's how to fix this ?

              And it's more easier as you think ;)
              Use the very first trick that pfSense offers you : delete it using tools you trust and manage : a text editor (Install Notepad++).

              Get a first complete config backup, put this is a safe place. If anything goes wrong, you will be back at where you started.
              Get a second copy, open it using Notepadd++ an look for these (example) :

              f2b6e998-9776-42fc-b5da-f680c2f43f4b-image.png

              Delete your <ca> .... </ca>
              You'll recognise it when looking at the description field.

              Remember to respect leading tabs, spaces, whatever, do a clean cut.

              Save the file.
              Import it back in pfSense.
              Have pfSense reboot.
              Done.

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                I would guess that what happened here is when you restored the config it pulled in the acme package from 2.6 (the current stable version) and that broke some of the cert libs required.
                If you need to do it again I would either install 2.6 directly or upgrade the VM to 2.6 before you restore the config.

                Steve

                GertjanG 1 Reply Last reply Reply Quote 0
                • GertjanG
                  Gertjan @stephenw10
                  last edited by Gertjan

                  @stephenw10

                  Yep, that's another possible issue : Installing a package (always the latest version) on a pfSense system that is not on the latest (2.6.0 if you use the free edition) version can work out fine.
                  More often it breaks stuff.

                  That's why :
                  If you decide NOT keep pfSense on the latest vesrion then you also decide not to upgrade / install packages any more.
                  Not respecting this rule is like playing with a six barrel gun and a bullet.
                  ( we all saw the movie Deerhunter ones in our lives, right ? )

                  Read / click on the image :

                  0c26b335-292e-4d62-bafd-2840b0cfa267-image.png

                  Note : with some 'small' packages, like "Notes", you might get away with it.

                  When you see this :

                  6b4a7c6a-5366-4380-afa8-da3e98de2a03-image.png

                  and you see that huge stuff like php74 gets pulled in - and knowing that pfSense uses also php7x for it's WebGUI, I would consider that as a huge red flag.

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.