The pfSense Store

Author Topic: Problem with certificate manager  (Read 182 times)

0 Members and 1 Guest are viewing this topic.

Offline TinMar

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Problem with certificate manager
« on: December 08, 2017, 08:47:06 am »
Hi,

I have a pfSense installation on which one I cannot create internal certificate.
I can create a CA without problem, I can correctly export cert and key.
But when I create a new cert, the certificate is an empty file and I cannot export any private key.
On a clean pfSense installation I create CA and certs with same settings without any problem.

Where can I found log for certificate manager?
Is there some command line tools for the psSense's certificate manager I can use debug this installation?

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21495
  • Karma: +1458/-26
    • View Profile
Re: Problem with certificate manager
« Reply #1 on: December 08, 2017, 02:40:03 pm »
What version are you on?

What exact settings are you putting in each field when creating the CA and certificate? Anything special about it?
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline TinMar

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: Problem with certificate manager
« Reply #2 on: December 11, 2017, 02:56:24 am »
I upgraded from 2.3.x to last stable 2.4.x before to add the CA.
I leave default settings for CA and certificates (key length: 2048, digest: SHA256, Lifetime: 3650) and fill all information fields without any special characters.
I try on a new pfSense installation to test exactly same settings and its working well.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21495
  • Karma: +1458/-26
    • View Profile
Re: Problem with certificate manager
« Reply #3 on: December 11, 2017, 10:58:28 am »
If it works on a fresh installation then there must be some part of that previous upgrade that failed.

If you run "pfSense-upgrade" from a console or ssh shell, does it find anything that needs updated?

Does "pkg version -vL=" show anything?
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline TinMar

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: Problem with certificate manager
« Reply #4 on: December 12, 2017, 04:23:52 am »
All packages are up to:
Code: [Select]
pkg version -vL=
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
pfSense-upgrade
>>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
>>> Unlocking package pfSense-kernel-pfSense... done.
>>> Setting vital flag on pkg... done.
>>> Setting vital flag on pfSense... done.
Your packages are up to date