Text only | Text with Images

OPNsense Forum

English Forums => 24.7, 24.10 Legacy Series => Topic started by: j.koopmann on October 30, 2024, 07:52:31 PM

Title: Cannot import root CA
Post by: j.koopmann on October 30, 2024, 07:52:31 PM
Hi,

in order to get ACME working with an internal ACME instance I need to import the root CA used into OPNSense. If I import the crt contents to my pfsense installation all is fine. But on OPNsense I get

Unexpected error, check log for details

and in the log

Code Select
<147>1 2024-10-30T19:45:36+01:00 OPNsense1.localdomain config 64536 - [meta sequenceId="2"] [OPNsense\Trust\Cert:cert.4811211f-f7fd-44bc-9005-340f2f3a74b6.caref] Please select a valid certificate from the list{67227ed0e74ce}
<147>1 2024-10-30T19:50:15+01:00 OPNsense1.localdomain config 54947 - [meta sequenceId="1"] [OPNsense\Trust\Cert:cert.374837b5-c3e5-46d6-9779-840e74649a2c.caref] Please select a valid certificate from the list{67227fe78b7e8}
<147>1 2024-10-30T19:50:15+01:00 OPNsense1.localdomain config 54947 - [meta sequenceId="2"] [OPNsense\Trust\Cert:cert.4811211f-f7fd-44bc-9005-340f2f3a74b6.caref] Please select a valid certificate from the list{67227fe78b7e8}


The crt data appears perfect. Checked the attributes etc. I am at a loss at the moment. Any idea? Trying to import it as a certificate works however then the ACME service is not able to communicate with my local ACME service (Wireshark shows OPNsense to terminate the TLS 1.3 handshake with "Unknown CA").
Title: Re: Cannot import root CA
Post by: j.koopmann on October 31, 2024, 10:15:03 AM
Latest update to 24.7.7 fixed this!
Text only | Text with Images