CA is lost after update



  • I'm having an issue. The CA is lost in config.xml after update and System: Certificate Authority Manager is empty

    Is this only mine problem or a bug?

    2.0 BETA5 AMD64
    From: Wed Jan 12 23:13:34 EST 2011
    To new version: Mon Jan 17 23:09:19 EST 2011



  • I see this issue as well. OpenVPN refused to start after the update, with error

    openvpn[13103]: Cannot load CA certificate file /var/etc/openvpn/server1.ca path (null) (SSL_CTX_load_verify_locations) (OpenSSL)
    

    in the log, but after reading your post I went to the Cert Manager and sure enough, no CAs are listed though there should be at least one. This is on two installations so far.



  • I pulled a backup file from the server and found the <ca>entries and pasted the <crt>and <prv>contents into the Import Existing CA fields in the Cert Manager, and it says "The following input errors were detected: This certificate does not appear to be valid." and won't import the CA. I have two of them on this server, both fail the same way, whether or not I use the private key portion.</prv></crt></ca>


  • Rebel Alliance Developer Netgate

    The fields in the backup are base64 encoded. You could paste them into a config directly, but not import them in that way.

    I've had a couple other reports of CAs disappearing but I cannot reproduce it here.

    Do you mind sending me your before-and-after config.xml files that have the CA and then are missing the CA? You can send them to me privately, jimp (at) pfsense [dot] org.

    It may be something about a specific config that is causing the loss.



  • Config files sent, Jim.

    I first tried to restore just the cert stuff from backup using the Backup/Restore area, but there's no Cert-only option there. That's when I tried to paste the cert from the config to import it. Would be nice if it was possible to import certs from the config file without using a tool to convert them to PEM format; if the Cert Manager figured out the base64 encoding automatically or something :-) Anyway, I'll take care of that manually for now and wait to hear on the config files if you find anything. The systems both have the OpenVPN Client Export Utility and the Open-VPN-Tools packages installed, and no others. Both config files lost their CA config during an upgrade to a newer snapshot, between 1/3/2011 and 1/10/1011 for one box and between config changes 20 seconds apart on 1/14/2011 for the other. I'm not sure which snapshots the upgrades were to…but I upgrade one box every couple of weeks (3 or 4 at the most) and the other I usually keep updated every day to every few days.


  • Rebel Alliance Developer Netgate

    Most people will never have to care about the base64 encoded version….

    It's easy to get it back though

    Diagnostics > Command, PHP Execute box:

    $foo = "base64encodedstring";
    echo base64_decode($foo);
    

    I think I may have tracked down what might be causing it, but I'm not 100% sure. You're the second person to show that it happened right after the config upgrade from 7.5 to 7.6, and the only addition there was adding a cron job. The way I added the cron job there was a little different than the other code in the upgrade process so I switched out the code to something more standard for that area.

    The only way to test it for sure would be to restore back to a config that was just before that process and let it upgrade again, to see if it retains your data.



  • If I have time I will test restoring to old config once a new snapshot is out.

    Thanks for the easy base64 conversion, worked great! I wouldn't have thought to use the PHP command area :-)

    Once I restored the CAs I had to edit the OpenVPN configuration and save it, and then the service started fine. I assume the unique id for the CA changed on import and OpenVPN needed to save that change.

    Interestingly, of the two boxes, when I went to the Cert Manager on the "west" one (vs "pf" hostname) there was still one of two CAs there, and I didn't think I'd restored one by that time unless I lost track among the copying/pasting/base_64_decoding :-) The "pf" box only had one CA and it was definitely gone though, but now back after importing it from the config.


  • Rebel Alliance Developer Netgate

    It looks like it only removed one CA, it just happened to be the CA you needed most on that one box.

    Looking deeper I'm not certain that the upgrade code would have caused that at all, and I really don't see anywhere in the OpenVPN client export package that could have removed it either. One of them hadn't even updated to config version 7.6 yet.

    Are you sure that the configs you sent are the exact point where the CAs disappeared?
    the diff function on the config history is handy for tracking that stuff down.



  • Yes, I used the Config History and Diff function there to narrow down the before and after (right next to each other) so the diff actually showed the <ca>lines being removed, and I downloaded the two config files that I compared in the Diffs and sent those. I did that on both boxes. You'd be welcome to login to the boxes and compare yourself, but I've made enough changes since my last post that the specific change point is gone in the Config History now. However, I do have a Veeam Backup virtual machine backup of the "pf" unit that I can restore if you want. I upgraded that one via command line today because upgrading a couple of days ago brought the webgui down and it never came back; upgrading via CLI brought it back after the upgrade. But the full VM gets automatically backed up every day or two.</ca>


  • Rebel Alliance Developer Netgate

    As long as I have the before-and-after configs it should be enough. I'll keep poking at it and see what I can find.



  • OK here's something interesting…the CA didn't match the certs after I reimported it so OpenVPN wouldn't reconned on the "pf" box. So I downloaded a current config file, pasted JUST the <ca>and <certs>sections from the backup that had them still there, and did a full config file restore. When it rebooted after the restore, the Cert Manager shows NO CA's installed even though it's right there in the config.xml file I modified and restored!</certs></ca>


  • Rebel Alliance Developer Netgate

    Sure you got the tags exactly right?

    Yeah the CA import would give it a new certref id so everything that used it would have to be updated to point at the 'new' CA. (or you could edit the config and change the certref to match the previous one) but really if you got the tags right they should be there.



  • The first time, I just copied <ca>and</ca> and everything in between from the old file over top of the same tag in the new file (which had the manually-imported cert already there when I downloaded it). The only thing I'm seeing that's different is the tags are in a slightly different order, and the <serial>4</serial> section doesn't appear to be there in the newly downloaded version but is there in the old version, inside the <ca>section (I left it in).

    I just tried again, and I updated the <caref>to match the CA's <refid>everywhere in the file before uploading this time, rather than re-saving the OpenVPN config, and this time it does seem to have worked, the CA is there and the certs say they are from the proper CA-name, whereas before they were all showing "external" even after the CA was imported.

    OK wait! When I FIRST logged in it was running through the Package Reinstall, which I let complete, and then I checked the Cert Manager. The CA was there and matched up to the certs! Then I went back there a couple of minutes later, making no changes (I visited OpenVPN first and it showed a no-CA error), and the CA was gone again! So it's originally importing fine and then apparently during some of the automated after-install processing it's getting deleted:

    		 1/18/11 10:53:50	 : Installed Open-VM-Tools package.	Current
    		 1/18/11 10:53:48	 : made unknown change	 	 	 
    		 1/18/11 10:53:47	 : Removed Open-VM-Tools package.	 	 	 
    		 1/18/11 10:53:46	 : made unknown change	 	 	 
    		 1/18/11 10:53:01	 admin: /pkg_mgr_install.php made unknown change	 	 	 
    		 1/18/11 10:52:57	 admin: Removed Open-VM-Tools package.	 	 	 
    		 1/18/11 10:52:56	 admin: /pkg_mgr_install.php made unknown change	 	 	 
    		 1/18/11 10:52:51	 : Installed OpenVPN Client Export Utility package.	 	 	 
    		 1/18/11 10:52:49	 admin: Installed OpenVPN Client Export Utility package.	 	 	 
    		 1/18/11 10:52:37	 : made unknown change	 	 	 
    		 1/18/11 10:52:33	 admin: /pkg_mgr_install.php made unknown change	 	 	 
    		 1/18/11 10:52:32	 : Removed OpenVPN Client Export Utility package.	 	 	 
    		 1/18/11 10:52:28	 admin: Removed OpenVPN Client Export Utility package.	 	 	 
    		 1/18/11 10:52:27	 admin: /pkg_mgr_install.php made unknown change	 	 	 
    		 1/18/11 10:52:22	 admin: Creating restore point before package installation.
    		 1/18/11 10:49:33	 admin: /diag_backup.php made unknown change
    

    Those are the changes saved in Config History from the point I hit Restore to restore the config file to current, with me having made no manual changes. Of those, this is where the <ca>section gets deleted, between these two based on using Diff (the 4th and 5th config changes from the top):

    		 1/18/11 10:53:46	 : made unknown change	 	 	 
    		 1/18/11 10:53:01	 admin: /pkg_mgr_install.php made unknown change
    

    Quite odd. If you want to log in, let me know and I'll create a username for you. Keep in mind the two installed packages were first installed, then apparently the upgrade and restore processes are both uninstalling and installing, or at least installing over top of, the old packages, and it appears that somehow in this process a CA gets wiped out.</ca></refid></caref></ca>


  • Rebel Alliance Developer Netgate

    What packages do you have installed? (OR should have installed, I should say.) If there are issues installing/reinstalling the packages I don't really want to trust what is listed in the config vs what you know should be there.



  • Just the Open VM Tools and the OpenVPN Client Export. That's all package manager shows and all I've ever installed on this box I think (I had to rebuild it and restore config at one point a couple of months ago, haven't installed other packages since then). Exact same two packages installed on the "west" box as well, which is running at a totally different location, still a VM (on ESXi 3.5 vs. ESXi 4 for "pf" box), different IPs, both have never really touched the other. The "west" box may have had other packages on it at some point but I don't think so, I think I rebuilt it a few times when testing some CARP failover (which is not currently configured) in the last couple months as well, and haven't used any other packages than those two since.



  • I manually uninstalled the OpenVPN Client Export Utility from the Packages screen. Then I removed the section about it from the <packages>area in the config file that I'd restored earlier, but otherwise left it the same. I restored it again. This time, the Cert Manager shows the cert and it's still there, 10 or 20 minutes later or more. So the issue definitely was somewhere in the reinstall of the OpenVPN Client Export Utility package after the restore/upgrade. I'm going to reinstall the package manually now and see how it goes.</packages>


  • Rebel Alliance Developer Netgate

    Hmm, and nothing in the open-vm-tools package would touch the CAs.

    I'll keep digging at the OpenVPN client export package and see if I can see any scenario where it might do something unusual.



  • OK, another try:

    I manually installed the OpenVPN Client Export Utility package again (this is after the restore earlier after manually removing it and then restoring config file without it included, which worked), and it installed and worked, CA still there. Then I downloaded a new backup file including the OpenVPN Client Export Utility package, and immediately restored it without making any changes. Now, the CA is gone, AND the package failed to reinstall and is not listed in the Installed Packages any longer, even though it was installed before I restored and is listed in the config file I restored. Here's the config history list:

    		 1/18/11 12:11:01	 : Installed Open-VM-Tools package.	Current
    		 1/18/11 12:06:46	 : made unknown change	 	 	 
    		 1/18/11 12:06:43	 : Removed Open-VM-Tools package.	 	 	 
    		 1/18/11 12:06:42	 : made unknown change	 	 	 
    		 1/18/11 12:01:47	 : made unknown change	 	 	 
    		 1/18/11 11:57:11	 admin: Installed OpenVPN Client Export Utility package.	 	 	 
    		 1/18/11 11:57:02	 admin: /pkg_mgr_install.php made unknown change	 	 	 
    		 1/18/11 11:57:01	 admin: Creating restore point before package installation.
    

    First you can see where I installed the OpenVPN Client Export Utility package manually, and then when I restored it at 12:01 that's when the <ca>section disappears, between these two:

     1/18/11 12:01:47	 : made unknown change	 	 	 
    		 1/18/11 11:57:11	 admin: Installed OpenVPN Client Export Utility package.	 	 	 
    
    

    I downloaded a new backup, and can see that the <package>entry for OpenVPN Client Export Utility is gone, and there is no <ca>section, and like I said the Export Utility is now uninstalled, NOT listed in the Package Manager, when it was before the restore.

    I do see in the config file that there are some leftover old settings from mod_security and ha_proxy inside <installedpackages>but those packages themselves have not been installed on this VM in the past, this config was restored to a fresh install since then.</installedpackages></ca></package></ca>


  • Rebel Alliance Developer Netgate

    Very interesting.

    And to make it even more interesting, nothing in the OpenVPN client export code makes a write to the config.

    I still need to see if I can track down what is causing the ": made unknown change" entries.



  • Let me know if remote web or SSH access to this box would be helpful in tracking down the issue. Are there logs I'm not seeing you could look at?


  • Rebel Alliance Developer Netgate

    Nah what you've posted so far may be enough.

    I have just checked in a bunch of things that, while they may not fix it, may at least improve the situation in terms of logging. Hopefully the next snap will behave a bit better.



  • That is strange …

    did update

    2.0-BETA5 (amd64)
    from built on Wed Jan 12 23:13:34 EST 2011
    to built on Tue Jan 18 13:16:28 EST 2011

    CA is NOT lost

    earlier tried

    2.0 BETA5 AMD64
    From: Wed Jan 12 23:13:34 EST 2011
    To new version: Mon Jan 17 23:09:19 EST 2011

    and CA was lost


  • Rebel Alliance Developer Netgate

    I checked in some changes to the OpenVPN Client Export package this afternoon. It's possible the fix was there and not what is coming from the snapshot being built now.



  • I left both packages installed and upgraded one of the two boxes today to the latest snapshot a few hours ago, and it did NOT delete the CA this time! Both packages remain installed. Will upgrade the other as I have time; been a bit busy today. I did set up pfSense as the new firewall at our main office today though, not just my office, and I'm deploying pfSense on two NetGate boxes to customers in the next two days as well :-)



  • me too successfully upgraded without loosing CA to

    2.0-BETA5 (amd64)
    built on Wed Jan 19 20:58:29 EST 2011



  • CA is lost when updated

    2.0-BETA5 (amd64)
    from built on Wed Jan 19 20:58:29 EST 2011
    to built on Thu Jan 20 01:23:56 EST 2011


  • Rebel Alliance Developer Netgate

    Nothing changed that would have affected that between those builds…

    Anything in the system log? What does the config history show for the last few config revisions?



  • Hi,

    my CA is lost, too.

    Updated from:
    2.0-BETA5 (i386) built on Sun Jan 23 02:03:12 EST 2011
    to:
    2.0-BETA5 (i386) built on Sun Jan 23 10:30:03 EST 2011

    Just have "OpenVPN Client Export utility" installed.

    I read this earlier posts but didn't fully understand all.
    If you need some files/configs please let me know step by step what should I have to do to help you.


  • Rebel Alliance Developer Netgate

    If you go to Diagnostics > Backup/Restore on the config history tab, if you do a diff between the config from before the update, and the current config, is the only difference the missing CA?


  • Rebel Alliance Developer Netgate

    I've gone over the package code again and reviewed any place in the system that modifies the CA and came up empty yet again.

    I tried several times in a row on a VM and an ALIX to reproduce it and still have never lost a CA when it upgrades…



  • @jimp:

    If you go to Diagnostics > Backup/Restore on the config history tab, if you do a diff between the config from before the update, and the current config, is the only difference the missing CA?

    Sorry, I don't know how to use this feature :(

    1/23/11 21:07:02 	(system): Installed OpenVPN Client Export Utility package. 	Current
    		1/23/11 21:06:40 	(system): Intermediate config write during package install for OpenVPN Client Export Utility. 	Revert to this configuration 	Remove this backup 	Download this backup
    		1/23/11 21:06:37 	(system): Removed OpenVPN Client Export Utility package. 	Revert to this configuration 	Remove this backup 	Download this backup
    		1/23/11 20:57:41 	admin: /system_advanced_admin.php made unknown change 	Revert to this configuration 	Remove this backup 	Download this backup
    		1/23/11 20:56:38 	admin: /firewall_nat.php made unknown change 	Revert to this configuration 	Remove this backup 	Download this backup
    		1/23/11 20:56:36 	admin: /firewall_nat_edit.php made unknown change 	Revert to this configuration 	Remove this backup 	Download this backup
    		1/23/11 20:43:20 	admin: /system_usermanager_settings.php made unknown change 	Revert to this configuration 	Remove this backup 	Download this backup
    		1/23/11 20:38:15 	admin: Deleted CRL Test-Liste. 	Revert to this configuration 	Remove this backup 	Download this backup
    		1/23/11 20:32:04 	admin: Deleted Certificate pfsense webGUI from CRL Test-Liste 	Revert to this configuration 	Remove this backup 	Download this backup
    		1/23/11 20:32:02 	admin: Deleted Certificate Remote-User-VPN from CRL Test-Liste 	Revert to this configuration 	Remove this backup 	Download this backup
    		1/23/11 20:31:39 	admin: Revoked cert Remote-User-VPN in CRL Test-Liste. 	Revert to this configuration 	Remove this backup 	Download this backup
    		1/23/11 20:31:32 	admin: Revoked cert pfsense webGUI in CRL Test-Liste. 	Revert to this configuration 	Remove this backup 	Download this backup
    		1/23/11 20:31:04 	admin: Saved CRL Test-Liste 	Revert to this configuration 	Remove this backup 	Download this backup
    		1/23/11 20:22:28 	admin: /firewall_rules_edit.php made unknown change 	Revert to this configuration 	Remove this backup 	Download this backup
    		1/23/11 20:22:20 	admin: /firewall_rules_edit.php made unknown change 	Revert to this configuration 	Remove this backup 	Download this backup
    		1/23/11 20:21:57 	admin: /firewall_rules_edit.php made unknown change 	Revert to this configuration 	Remove this backup 	Download this backup
    		1/23/11 20:21:33 	admin: /firewall_rules_edit.php made unknown change 	Revert to this configuration 	Remove this backup 	Download this backup
    		1/23/11 20:19:30 	admin: /system_certmanager.php made unknown change 	Revert to this configuration 	Remove this backup 	Download this backup
    		1/23/11 20:19:16 	admin: /system_usermanager.php made unknown change 	Revert to this configuration 	Remove this backup 	Download this backup
    		1/23/11 20:18:44 	admin: /vpn_openvpn_server.php made unknown change 	Revert to this configuration 	Remove this backup 	Download this backup
    		1/23/11 20:13:16 	admin: /system_certmanager.php made unknown change 	Revert to this configuration 	Remove this backup 	Download this backup
    		1/23/11 20:09:28 	admin: /system_certmanager.php made unknown change 	Revert to this configuration 	Remove this backup 	Download this backup
    		1/23/11 20:08:50 	admin: /system_camanager.php made unknown change 	Revert to this configuration 	Remove this backup 	Download this backup
    		1/23/11 20:08:10 	admin: /system_camanager.php made unknown change 	Revert to this configuration 	Remove this backup 	Download this backup
    		1/23/11 20:08:07 	admin: /system_camanager.php made unknown change 	Revert to this configuration 	Remove this backup 	Download this backup
    		1/23/11 20:07:57 	admin: /system_certmanager.php made unknown change 	Revert to this configuration 	Remove this backup 	Download this backup
    		1/23/11 20:07:34 	admin: /system_usermanager.php made unknown change 	Revert to this configuration 	Remove this backup 	Download this backup
    		1/23/11 20:07:12 	admin: /vpn_openvpn_server.php made unknown change 	Revert to this configuration 	Remove this backup 	Download this backup
    		1/23/11 20:06:51 	admin: /firewall_rules.php made unknown change 	Revert to this configuration 	Remove this backup 	Download this backup
    		1/23/11 20:06:44 	admin: /firewall_rules.php made unknown change 	Revert to this configuration 	Remove this backup 	Download this backup
    	  	1/23/11 20:03:21 	admin: /vpn_openvpn_server.php made unknown change
    

  • Rebel Alliance Developer Netgate

    Doesn't tell me much, really. To use the diff feature, select the "old" config in the first column of radio buttons, and the "new" config in the second column. Then press the diff button and it will show what changed between those two configuration files.

    So in your case, click the radio selector (circle button) in the first colmn next to "1/23/11 20:57:41" and click the topmost radio selector in the second column, then press 'diff'.



  • Configuration diff from 1/23/11 20:57:41 to 1/23/11 21:07:02
    --- /conf/backup/config-1295812661.xml 2011-01-23 21:06:37.000000000 +0100
    +++ /conf/config.xml 2011-01-23 21:07:02.000000000 +0100
    @@ -1655,9 +1655,9 @@
    <traffic_graphs-config>WAN1_graph-config:show,LAN_graph-config:hide,WAN2_graph-config:show,refreshInterval=1</traffic_graphs-config>
    
     <revision>- <time>1295812661</time>
    - 
    - <username>admin</username>
    + <time>1295813222</time>
    + 
    + <username>(system)</username></revision> 
     <openvpn><openvpn-server>@@ -1695,6 +1695,7 @@
    <wins_server1>172.16.0.1</wins_server1>
     <wins_server2><nbdd_server1>+ <dev_mode>tun</dev_mode></nbdd_server1></wins_server2></openvpn-server></openvpn> 
     <l7shaper>@@ -1888,13 +1889,6 @@
    <ovpnallow>on</ovpnallow>
    
    - <ca>- <refid>4d3c7cc0e8548</refid>
    - 
    - <crt>(deleted)</crt>
    - <prv>(deleted)</prv>
    - <serial>2</serial>
    -</ca> 
     <cert><refid>4d3c7ce6de525</refid></cert></l7shaper> 
    

    Hope this was correct ;-) Thanks for taking time!


  • Rebel Alliance Developer Netgate

    I removed your cert data from that post since it really shouldn't be public, I just needed to know if the only thing missing was the CA, and that seems to be the case. Though I'm not sure why that extra setting popped up in the openvpn config for the tun device between those steps, since you didn't change any of the openvpn config, just the package (and it only reads, doesn't write)



  • I did an firmwareupdate on another box but without OpenVPN Client Export Utility and without OpenVPN configured.

    I created a TEST-CA - then did the update - and the TEST-CA is still there:

    Configuration diff from 1/23/11 23:01:34 to 1/23/11 23:51:10
    --- /conf/backup/config-1295820094.xml 2011-01-23 23:31:35.000000000 +0100
    +++ /conf/config.xml 2011-01-23 23:51:10.000000000 +0100
    @@ -804,7 +804,7 @@
    <traffic_graphs-config>WAN_graph-config:show,LAN_graph-config:show,refreshInterval=1</traffic_graphs-config>
    
     <revision>- <time>1295820094</time>
    + <time>1295823070</time>
    
    <username>(system)</username></revision> 
    @@ -1104,4 +1104,11 @@
    <crt>XXXxxxXXX</crt>
    <prv>XXXxxxXXX</prv>
    
    + <ca>+ <refid>4d3caeb37ade1</refid>
    + 
    + <crt>XXXxxxXXX</crt>
    + <prv>XXXxxxXXX</prv>
    + <serial>0</serial>
    +</ca> 
    
    

    Installed packages:
    Cron
    Lightsquid
    squid2


  • Rebel Alliance Developer Netgate

    So on that other box, if you install the client exporter and/or configure openvpn, I wonder if it gets lost.

    Nothing I do (install the package, configure openvpn, etc) has lost a CA for me yet.



  • Hello again,

    today I created a new CA on my first pfsense box, where I have OpenVPN and the OpenVPN Export Utility installed.

    What I did:
    Created a CA
    Restarted the box - CA still exists
    updated from:
    2.0-BETA5 (i386) built on Sun Jan 23 10:30:03 EST 2011
    to:
    2.0-BETA5 (i386) built on Mon Jan 24 07:08:15 EST 2011

    CA still exists!

    This is the config history diff:

    Configuration diff from 1/23/11 21:07:02 to 1/24/11 18:12:36
    --- /conf/backup/config-1295813222.xml 2011-01-24 11:04:23.000000000 +0100
    +++ /conf/config.xml 2011-01-24 18:12:36.000000000 +0100
    @@ -1655,7 +1655,7 @@
    <traffic_graphs-config>WAN1_graph-config:show,LAN_graph-config:hide,WAN2_graph-config:show,refreshInterval=1</traffic_graphs-config>
    
     <revision>- <time>1295813222</time>
    + <time>1295889156</time>
    
    <username>(system)</username></revision> 
    @@ -1903,4 +1903,11 @@
    <crt>XXXxxxXXX</crt>
    <prv>XXXxxxXXX</prv>
    
    + <ca>+ <refid>4d3db071b0917</refid>
    + 
    + <crt>XXXxxxXXX</crt>
    + <prv>XXXxxxXXX</prv>
    + <serial>0</serial>
    +</ca> 
    
    

    I have got another box, where I could do a test. Any special things I should do - any ideas ?


  • Rebel Alliance Developer Netgate

    Restore your config from the one that had the CA disappear, then install the OpenVPN export package, and then run and update. See if it disappears there.

    If it does, then something else in your config is triggering it, though I have no idea what it might be.



  • Couldn't make a cross change with the config files because of different configurations on my two boxes, but on the secon box, where no OpenVPN Server or OpenVPON Export utility was installed I created a CA and then did an Update and everything seems to be fine. CA is still there.

    Don't know why but now it's okay.



  • Next Update. next loss of CA :(

    Configuration diff from 1/25/11 08:36:41 to 1/25/11 08:47:56
    --- /conf/backup/config-1295941001.xml 2011-01-25 08:37:17.000000000 +0100
    +++ /conf/backup/config-1295941676.xml 2011-01-25 09:31:11.000000000 +0100
    @@ -173,8 +173,8 @@
     <time-update-interval><timeservers>0.pfsense.pool.ntp.org</timeservers>
     <webgui>- <protocol>http</protocol>
    - <ssl-certref>4d3c7ce6de525</ssl-certref>
    + <protocol>https</protocol>
    + <ssl-certref>4d3e7dac18276</ssl-certref>
     <port><nodnsrebindcheck><nohttpreferercheck>@@ -1618,9 +1618,9 @@
    <traffic_graphs-config>WAN1_graph-config:show,LAN_graph-config:hide,WAN2_graph-config:show,refreshInterval=1</traffic_graphs-config>
    
     <revision>- <time>1295941001</time>
    - 
    - <username>admin</username>
    + <time>1295941676</time>
    + 
    + <username>(system)</username></revision> 
     <openvpn><l7shaper>@@ -1816,17 +1816,17 @@
    
     <cert>- <refid>4d3c7ce6de525</refid>
    + <refid>4d3e7dac18276</refid>
    
    - <caref>4d3c7cc0e8548</caref>
    - <crt>XXXxxxXXX</crt>
    - <prv>XXXxxxXXX</prv>
    + <caref>4d3e7d889b803</caref>
    + <crt>XXXxxxXXX</crt>
    + <prv>XXXxxxXXX</prv>
    +</cert> 
    + <cert>+ <refid>4d3e7dcd508d4</refid>
    + 
    + <caref>4d3e7d889b803</caref>
    + <crt>XXXxxxXXX</crt>
    + <prv>XXXxxxXXX</prv></cert> 
    - <ca>- <refid>4d3e7d889b803</refid>
    - 
    - <crt>XXXxxxXXX</crt>
    - <prv>XXXxxxXXX</prv>
    - <serial>0</serial>
    -</ca></l7shaper></openvpn></nohttpreferercheck></nodnsrebindcheck></port></webgui></time-update-interval> 
    

Log in to reply