Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    problems with webgui after upgrade from 2.7.0 to 2.7.2

    Scheduled Pinned Locked Moved webGUI
    4 Posts 1 Posters 56 Views 1 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N Offline
      nobanzai
      last edited by

      Hi *,

      I upgraded the secondary of my pfSense HA cluster from 2.7.0 to 2.7.2.
      This worked, because I could login via ssh and see "Welcome to pfSense 2.7.2-RELEASE (amd64)". Login via Firefox didn't work, though, because the certificate had been replaced during update, and newer versions of Firefox (desktop) won't allow access to websites with self signed certificates at all (no more questions "accept the risk, ...").
      So I logged in via brave-browser and tried to install a new certificate from my own CA, that is known to pfSense. The former (working) certificate also had been issued by my CA. That didn't succeed, because I couldn't choose the newly imported cert in the configuration for webConfigurator. I tried several combinations of certificate properties, but none of the certs showed up in the drop down list.
      So the first question is: What properties are necessary for webConfigurator to accept the cert.
      Is used TLS Webserver Authentifcation and IPSec End Identity for the extended props.

      Because I wanted to access the GUI from Firefox, I decided to temporarily switch to http until I could create a usable cert. But now the GUI isn't accessible at all, neither via http nor via https. Login in via ssh stil works, though.
      Second question therefore is: Why did this happen and how could I solve it?

      TIA.
      Bye.
      Michael.

      1 Reply Last reply Reply Quote 0
      • N Offline
        nobanzai
        last edited by

        Ok, after changing the config.xml manually back to https, I can access the website via https again, but have to use a private browsing window in Firefox, where the question "accept the risk, ..." still shows up.
        Question numer 1 for the cert props still remains.

        N 1 Reply Last reply Reply Quote 0
        • N Offline
          nobanzai @nobanzai
          last edited by nobanzai

          I tried again to create a usable cert following this link

          https://i12bretro.wordpress.com/2021/02/06/create-and-apply-ssl-certificates-to-pfsense-web-ui/

          but to no avail.
          The resulting cert still isn't selectable.
          I also reimported my CA cert - didn't help either.

          Importing the same certificate into a pfSense 2.7.0 works as expected.
          So I suspect, some security relevant properties have to be set more strict for 2.7.2 - but I can't find out which ones, because the auto generated cert has the same props as my certs have.

          N 1 Reply Last reply Reply Quote 0
          • N Offline
            nobanzai @nobanzai
            last edited by

            Found the reason: The signature digest algorithm of my root ca certificate is too weak 8-(

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.