Package Installer Certificate verification failed
-
Hello,
I just tried to upgrade pfSense-pkg-Cron through the Package Installer. It failed because of 'Certificate verification failed' :
>>> Upgrading pfSense-pkg-Cron... Updating pfSense-core repository catalogue... 1082806272:error:1409441A:SSL routines:ssl3_read_bytes:tlsv1 alert decode error:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-aarch64/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 50 1082806272:error:1409441A:SSL routines:ssl3_read_bytes:tlsv1 alert decode error:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-aarch64/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 50 1082806272:error:1409441A:SSL routines:ssl3_read_bytes:tlsv1 alert decode error:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-aarch64/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 50 1082806272:error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-aarch64/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/statem/statem_lib.c:283: pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v22_05_aarch64-core/packagesite.pkg: Authentication error Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/CN=repo00.atx.netgate.com Child process pid=8433 terminated abnormally: Segmentation fault FailedThe shell command 'pkg upgrade' worked fine, package is now upgraded:
pdating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. Checking for upgrades (1 candidates): . done Processing candidates (1 candidates): . done The following 1 package(s) will be affected (of 0 checked): Installed packages to be UPGRADED: pfSense-pkg-Cron: 0.3.8 -> 0.3.8_1 [pfSense] Number of packages to be upgraded: 1 8 KiB to be downloaded. [1/1] Fetching pfSense-pkg-Cron-0.3.8_1.pkg: . done Checking integrity... done (0 conflicting) [1/1] Upgrading pfSense-pkg-Cron from 0.3.8 to 0.3.8_1... [1/1] Extracting pfSense-pkg-Cron-0.3.8_1: .......... done Removing Cron components... Menu items... done. Loading package instructions... Saving updated package information... overwrite! Loading package configuration... done. Configuring package components... Loading package instructions... Custom commands... Executing custom_php_resync_config_command()...done. Menu items... done. Writing configuration... done.Has anyone else experienced this before? Is there a way to fix the certificate verification of the Package Installer?
-
@teunbruijnen said in Package Installer Certificate verification failed:
rec_layer_s3.c:1544:SSL alert number 50
This looks exactly like what can happen on a sg1100, is that what you have?
https://forum.netgate.com/topic/165700/repo01-netgate-com-tls-cert-seems-invalid
The fix for sg1100 has been a complete power cycle.
-
@johnpoz always humbling when a bit more research would've showed me a solution, right on this forum!! You are correct, it is an SG-1100.
I don't know how to test for the certificate verification failure now that I've upgraded the package. But the first thing I'll try when the error comes back is do a power cycle! Thanks for the quick reply and have a nice weekend.
