Certificate Failed Validation

Started by spetrillo, January 19, 2022, 07:08:13 PM

Hello all,

I am in the midst of building a temp OPNsense firewall, so I can virtualize what will be my perm firewall. I used the config of my current firewall to save me some keyboard time, but now that I go back and try to install plugins I am getting the following:

Currently running OPNsense 21.7.7 (amd64/OpenSSL) at Wed Jan 19 13:02:07 EST 2022
Fetching changelog information, please wait... Certificate verification failed for /CN=*.opnsense.org
4869353918464:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
fetch: https://pkg.opnsense.org/FreeBSD:12:amd64/21.7/sets/changelog.txz.sig: Authentication error
Updating OPNsense repository catalogue...
Certificate verification failed for /CN=*.opnsense.org
918199537664:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
Certificate verification failed for /CN=*.opnsense.org
918199537664:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
Certificate verification failed for /CN=*.opnsense.org


I am going to assume that I copied the cert from the current firewall to the temp, but I am not sure what restore option caused this. How do I remove this cert and get a good cert, or do I need to rebuild my temp firewall?

Thanks,
Steve

Hi Steve,

We are looking at a weird bug in FreeBSD 13 with the pkg-static binary and for this reason switched through a number of certificates for pkg.opnsense.org.

Your error is on 21.7.7, which to our knowledge is unaffected, and looking at your message it shows a wildcard certificate that is no longer on the mirror... can you simply try again?


Cheers,
Franco

Hi Franco,

Yes, it looks like it fixed itself about 10 minutes later, as I ran the status again and all is good now.

Thanks,
Steve