The package server's SSL certificate could not be verified.
-
After I did the upgrade to 2.2.6 only one package got reinstalled. So went to install manually I got this warning message:
System: Package Manager help
exclamation The package server's SSL certificate could not be verified. The SSL certificate itself may be invalid, its chain of trust may have failed validation, or the server may have been impersonated. Downloaded packages may come from an untrusted source. Proceed with caution.
Should I be concerned about this?
I will hold off installing any packages.
-
I wonder if this could be related to the issue I'm seeing with 2 url table aliases no longer able to download via ssl after upgrade from 2.2.5 to 2.2.6. Even after a fresh full install.
https://forum.pfsense.org/index.php?topic=104392.0
USB memstick, i386, VGA
-
That's definitely indicative of a problem of some sort. If you go to a command prompt and run the following, what do you get?
fetch https://packages.pfsense.org
I wonder if this could be related to the issue I'm seeing with 2 url table aliases no longer able to download via ssl after upgrade from 2.2.5 to 2.2.6.
https://forum.pfsense.org/index.php?topic=104392.0If you'd do what I asked in that thread and post back results there, maybe we could determine that.
-
I get
$ fetch https://packages.pfsense.org packages.pfsense.org 0 B 0 Bps
when I run that command on:
2.2.6-RELEASE (amd64)
built on Mon Dec 21 14:50:08 CST 2015
FreeBSD 10.1-RELEASE-p25Carlos
-
I get
$ fetch https://packages.pfsense.org packages.pfsense.org 0 B 0 Bps
That's the correct expected output. I presume in your case your interest is re: the IPsec post you made, which is completely unrelated to what this thread is about. IPsec certificates are a completely different, separate component and their verification has no relation to fetch.
-
No, I just thought it might be helpful. I was already remoted into my pfSense box and it only took a minute or two to put together the post.
Carlos
-
I am getting this when trying to fetch it in the command prompt:
$ fetch https://packages.pfsense.org
No server SSL certificate
fetch: https://packages.pfsense.org: Authentication error -
I am getting this when trying to fetch it in the command prompt:
$ fetch https://packages.pfsense.org
No server SSL certificate
fetch: https://packages.pfsense.org: Authentication errorThat's why. What files do you have in /usr/local/etc/ssl/?
-
Just one file:
[2.2.6-RELEASE]/usr/local/etc/ssl: ls -l
total 960
-rw-r–r-- 1 root wheel 944280 Dec 21 13:20 cert.pemLooking inside the pem file it's just a standard CA signed root certs. Alot of them set to expire around 2020 to 2030
-
That looks correct. Exactly the same file size as it should be.
-rw-r--r-- 1 root wheel 944280 Dec 21 15:20 cert.pem
Guessing it likely matches this SHA.
: sha256 /usr/local/etc/ssl/cert.pem SHA256 (/usr/local/etc/ssl/cert.pem) = 2629766a1e695df07dfcdc86eae7afa562a43f8d6d2a74a8e9eddccf5ece5dd6
Which does work.
: fetch -v https://packages.pfsense.org looking up packages.pfsense.org connecting to packages.pfsense.org:443 SSL options: 81004bff Peer verification enabled Using CA cert file: /usr/local/etc/ssl/cert.pem Verify hostname SSL connection established using ECDHE-RSA-AES256-GCM-SHA384 Certificate subject: /OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.pfsense.org Certificate issuer: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA requesting https://packages.pfsense.org/ remote size / mtime: 23 / 1394690197 packages.pfsense.org 100% of 23 B 202 kBps 00m00s
-
I had this same problem. My certificates were also there and the sha256 matched. I finally rebooted and the problem was fixed.