Cipher missing from server post Server Certificate renewal
-
@prashant-joshi At this point of the head-scratching process, I would reinstall (remove and install) the OpenVPN package manually via cli.
-
@Gertjan are you really on 23.05.1 ? I would move to current supported version 23.09.1 - there has been multiple changes, big one is jump to open ssl3, and I know the openvpn version has also been updated.
23.05.1 is no longer on the supported list.
If it was me, I would upgrade to current, and if your certs are still not working... Create new..
-
@johnpoz We tried TS via anydesk (as securely as possible...) and in the end, it was throwing the "libssl.so.30 not found" error. In about 3 hours (when their workplace will empty) they will attempt the update.
I wonder why I was spared from that when I updated, with my 2+ year old certs... Maybe because I have everything ECDSA.
-
@NightlyShark said in Cipher missing from server post Server Certificate renewal:
ECDSA
I am pretty much exclusively using those.. I just created a couple for my new cams I got.. I might have some older but have started using those for the last few years.. And using those for my openvpn stuff.
-
@johnpoz And... a little bird told me that the only secure curve that was not recommended by certain people that are known to be allergic to public encryption (caugh, PRISM!, caugh) was secp521r1...
-
@johnpoz That little bird is google, ok? hahaha
-
@NightlyShark said in Cipher missing from server post Server Certificate renewal:
"libssl.so.30 not found"
That's your system telling you : don't stay on older versions of pfSense. Upgrade to the actual version (23.09.1) asap and you'll be fine.
And note somewhere for the future : "never ever upgrade / install / 'do things with' packages before you've upgrade pfSense to the latest available version first". -
@Gertjan It's not my system... Not my thread, even. I just talk too much, hahaha.
-
@johnpoz said in Cipher missing from server post Server Certificate renewal:
@Gertjan are you really on 23.05.1 ?
Me ? Your kidding. 23.05.1 was ok, probably, I don't remember, 23.09.1 is pretty rock solid (for me). "VPN" (server) works well.
My bird says : if update is available, let the dust settle for a couple of days, and then click : upgrade.Btw : I've still my 10 years certs in service :
Total Lifetime: 3650 days
Lifetime Remaining: 1027 days until expirationThese were the less secure days I guess ...
-
@Gertjan @NightlyShark Thanks for your support and advice. Post version upgrade the issue was resolved.
Things are in control now and working well...
Once again thank you everyone.....