Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfSense CE in Azure - certctl rehash skipping untrusted certificates under /usr/share/certs/trusted looks very wrong?

    Scheduled Pinned Locked Moved General pfSense Questions
    2 Posts 2 Posters 25 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T Offline
      TheBigBear
      last edited by

      my pfSense rep 2.7.2 CE running on Azure skips over certificates that I think might possibly be needed as I try to upgrade to the latest released CE edition 2.8.0?

      certctl rehash
Scanning /usr/share/certs/untrusted for certificates...
Scanning /usr/share/certs/trusted for certificates...
Skipping untrusted certificate /usr/share/certs/trusted/Cybertrust_Global_Root.pem (/etc/ssl/untrusted/76cb8f92.0)
Skipping untrusted certificate /usr/share/certs/trusted/DST_Root_CA_X3.pem (/etc/ssl/untrusted/2e5ac55d.0)
Skipping untrusted certificate /usr/share/certs/trusted/GlobalSign_Root_CA_-_R2.pem (/etc/ssl/untrusted/4a6481c9.0)
Skipping untrusted certificate /usr/share/certs/trusted/Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem (/etc/ssl/untrusted/1636090b.0)
Skipping untrusted certificate /usr/share/certs/trusted/Network_Solutions_Certificate_Authority.pem (/etc/ssl/untrusted/4304c5e5.0)
Skipping untrusted certificate /usr/share/certs/trusted/Staat_der_Nederlanden_EV_Root_CA.pem (/etc/ssl/untrusted/03179a64.0)
Skipping untrusted certificate /usr/share/certs/trusted/TrustCor_ECA-1.pem (/etc/ssl/untrusted/7aaf71c0.0)
Skipping untrusted certificate /usr/share/certs/trusted/TrustCor_RootCert_CA-1.pem (/etc/ssl/untrusted/5d3033c5.0)
Skipping untrusted certificate /usr/share/certs/trusted/TrustCor_RootCert_CA-2.pem (/etc/ssl/untrusted/3e44d2f7.0)
Scanning /usr/local/share/certs for certificates...

      I am trying to run this certctl rehash cmd because my System -> Update -> Branch box is NOT empty, BUT it says ``unknown```

      so the two solutions here earlier for going from 2.7.0 to 2.7.1
      https://forum.netgate.com/topic/189596/issue-upgrading-from-2-7-0-to-2-7-2/3
      and the "new" (?) issue of trying to upgrade from 2.7.2 to 2.8.0
      https://forum.netgate.com/topic/198063/pfsense-2-8-ce-azure/3?_=1754491614229
      don't seem to work.

      Is this deliberate?
      Do Netgate simply get rid of needed important certificates AND wipe the contents of /usr/local/etc/pfSense/pkg/repos/?

      The few lines from @McNubblet no longer seem to work?

      1 Reply Last reply Reply Quote 0
      • stephenw10S Online
        stephenw10 Netgate Administrator
        last edited by

        Skipping the untrusted certs there is expected in any install.

        CE is not supported in Azure.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.