Text only | Text with Images

OPNsense Forum

English Forums => 24.7, 24.10 Legacy Series => Topic started by: combsbj on November 10, 2024, 04:50:33 PM

Title: System: Trust: Certificates: Show certificate info
Post by: combsbj on November 10, 2024, 04:50:33 PM
OPNsense 24.7.8-amd64
FreeBSD 14.1-RELEASE-p6
OpenSSL 3.0.15

After generating a new cert using ACME Client service, it is immediately available in /var/etc/acme-client via SSH/SCP. It is also immediately listed in the trust certificate web ui. However, the info and download button will not work for hours, even after restarting all services.

Is this expected?
Is there a recommended way to download a cert from the web ui after generating in from ACME client?
Title: Re: System: Trust: Certificates: Show certificate info
Post by: mgeoffriau on November 18, 2024, 11:02:46 PM
I'm seeing the same thing. I went to the certificates page because I was intending to modify my cipher list and wanted to double check what how all the existing certs were keyed.

However, the "show certificate info" buttons don't do anything, nor do the "Download" buttons.

Versions
OPNsense 24.7.8-amd64
FreeBSD 14.1-RELEASE-p6
OpenSSL 3.0.15
Title: Re: System: Trust: Certificates: Show certificate info
Post by: mgeoffriau on December 04, 2024, 10:07:27 PM
Hmm, so I upgraded a separate OPNsense VM I had on hand to 24.7.9 and I can still view info and download a certificate. So if it's a legitimate bug, it's not universal. The only major difference I can see is that on the VM, I have no additional certificates, only the OPNsense GUI cert. On the affected baremetal install, I have a CA along with a handful of server certificates issued from it, plus a few Let's Encrypt certificates.
Title: Re: System: Trust: Certificates: Show certificate info
Post by: newsense on December 05, 2024, 03:43:32 AM
What theme are you using ?

Try on the default OPNsense one.
Title: Re: System: Trust: Certificates: Show certificate info
Post by: mgeoffriau on December 05, 2024, 04:44:07 PM
I only have one theme listed called "opnsense", and that what it is set to.
Title: Re: System: Trust: Certificates: Show certificate info
Post by: mirobiala on December 17, 2024, 10:03:12 AM
For me it`s the same. Is there any progress on this, or workaround may be?
Title: Re: System: Trust: Certificates: Show certificate info
Post by: newsense on December 17, 2024, 10:19:03 AM
Works fine for me with the default OPNsense theme, in Certificates and Authorities sections.

Have you tried a different browser ?
Title: Re: System: Trust: Certificates: Show certificate info
Post by: mirobiala on December 17, 2024, 11:28:39 AM
Quote from: newsense on December 17, 2024, 10:19:03 AMWorks fine for me with the default OPNsense theme, in Certificates and Authorities sections.

Have you tried a different browser ?

Yes @newsense, I did and the result is the same. But if it was a browser issue, all certificates would be affected, not just the last generated ones.
Am I right?

Update : It might be a permissions issue. In /var/etc/acme-client/certs I found that the last acme certificates are created with different permissions compared to the older ones. The older certificates folders have drwxr-x---, but the last ones drwx------ and the keys inside: from -rwxr-x--- to -rw-------.
Title: Re: System: Trust: Certificates: Show certificate info
Post by: newsense on December 18, 2024, 01:29:38 AM
For the permissions issue you may want to open a Github ticket in opnsense/plugins
Title: Re: System: Trust: Certificates: Show certificate info
Post by: mirobiala on December 18, 2024, 02:52:23 PM
Quote from: newsense on December 18, 2024, 01:29:38 AMFor the permissions issue you may want to open a Github ticket in opnsense/plugins

Attaching it to existing ticket : Link ... (https://github.com/opnsense/plugins/issues/4401)
Text only | Text with Images