Snapshot on 11th Jan 2011 GUI not work
-
JimP, like you, I have no such line in my /var/etc/lighty-webConfigurator.conf
To get the error you posted earlier, you have to have the ca line in the lighty config. If it wasn't there, you wouldn't get the error about ca.pem.
-
If I understand correctly, I should have that line in my file?
EDIT: I can't verify if it is in there because when I change the login to HTTPS I get a timeout on my browser and have to reset it using the "Set interface(s) IP address" on the console to revert back to HTTP.
-
You posted that you had an error referencing ca.pem, in order for that error to happen, you have to have a line in the lighty config file that references ca.pem.
-
It is due to a CA getting deleted. My main CA that was created to access the webgui was deleted, but I am questioning why it has been deleted on two different machines with different configurations. Wondering if it happened with one of the upgrades because it has been in there since I initially configured the firewall.
EDIT: All is working now that I recreated the CA. Thanks JimP!!
-
I've never had a CA go missing, and I have VMs with up to 10 CAs on them that I use when testing the cert manager…
-
The CA still shows up in my backup (from Nov. 1st) but doesn't show on the firewall itself config when I backed it up now. It shows the newly generated one in it, but not the old one from the Nov. 1st backup.
-
Make sure you are looking in the right spot. The CA's should be near the bottom and not under <system>- they used to be there before in really old configs but were moved quite some time ago (and the upgrade code relocated them)
They should be under their own <ca>tag, <cert>tag, and <crl>tag toward the end of the config.
I just checked in a better test to make sure an empty CA isn't written out or used. Next snapshot should have it – one was not building but the commit should make the builders start a new run.</crl></cert></ca></system>
-
If someone hitting this error wants to try and see if this helps, here's the commit:
https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/546f30caee9165f253d9ed3d84e23f03e82626d8
-
Yeah, they're showing up right where they should in the old config (backup). In the new one, these keys don't exist. The only thing I ever do is doing the updates on the pfSense. I noticed the problems on the 11th's snaps. That's when I couldn't login.
-
What is the config version on the old one, and the new one? It would be at the top of the config
<version>7.6</version> -
7.5 in the old one
7.6 in the new one -
The only change between those two revisions was the addition of a cron job, nothing that should have touched the certs.
