Firefox ssl certificate error/warning, upgrade from x86 to x64, xml file HELP!!!



  • Dear PF users,

    I upgraded from x86 to x64 and since the fact that I have a sixth sense, I already knew I was going to run into problems when loading the xml into the x64 firewall. I thought that stuff was supposed to be working transparently?? At least that what the manual says?

    The first thing I notice is that my bridged mode settings did not adapt to the name of the physical NIC, fxp0 to bge for instance and there is apparently no way to change it to the new NIC.

    The second thing is the reason of my thread. Each time I try to connect to the firewall with my webbrowser it starts to wine about a certificate issue and I cannot get rid of it.
    It must be something with the certificates on the pfsense firewall.

    It think it is very important to mention that I have not restored all the settings from the xml, only the painful ones, that is: Firewall rules, NAT, and openvpn.

    It looks like there is some sort of inconsistency to, but I cannot resolve it, I am already thinking about it for three days, poor lad I am.

    I really need some help.

    Can you guys give me a clue what is going on here?

    I cannot begin from scratch. Reason 1 is that I don't want to go through its painful configuration again.

    Reason 2 is that the rack mount has a SuperMicro motherboard, and you won't believe these one, even though the POST displays a SATA cdrom, the BIOS does not detect the SATA cdrom and therefore it impossible to install pfsense from scratch without swapping the sata cdrom with a IDE cdrom first. The cause is fabrication error.
    Each time I do a hardware change, in this case swapping the cable, the bios also resets,….

    I really need some help.

    Can you guys give me a clue what is going on here?

    The error looks like this, if more information is needed, I will post some shots from the cert. manager on the firewall.

    Thank you



  • What / where is brampitoyo.github.io ?
    What / where is expired.badssl.com ?

    Your are connecting on the pfSense LAN interface, right ?



  • Make sure the date/time and timezone settings are correct on both you client running the browser, and the pfSense box.



  • Hmm,

    The screenshot was taken as an example to reproduce the error.



  • Is it possible that the certificate was created while the bios was set to the year 1970?

    Thank you



  • Have you tried clearing out the pfSense box certificates in Firefox?



  • Yes, I have, doesn't change a thing.

    I have sworn not to install and config pfsense from scratch again, especially not with my current hardware conditions.

    I have done a fresh install and now it seems to work.

    I am quite certain that the issue occured because of wrong Time/Date settings in the CMOS, shame on you SuperMicro that is supposed to sell high end server-workstation hardware, very remarkable is the boot from SATA cdrom malfunction.

    Thank your for your time.


  • Rebel Alliance Developer Netgate

    Fix the date/time on the pfSense firewall. Go to the console (video, serial, ssh, whatever). Start a shell. Run:

    pfSsh.php playback generateguicert
    

    That will generate and activate a fresh GUI cert for you automatically.


Log in to reply