System: Trust: Certificates: Show certificate info

Started by combsbj, November 10, 2024, 04:50:33 PM

November 10, 2024, 04:50:33 PM Last Edit: November 10, 2024, 04:58:47 PM by combsbj
OPNsense 24.7.8-amd64
FreeBSD 14.1-RELEASE-p6
OpenSSL 3.0.15

After generating a new cert using ACME Client service, it is immediately available in /var/etc/acme-client via SSH/SCP. It is also immediately listed in the trust certificate web ui. However, the info and download button will not work for hours, even after restarting all services.

Is this expected?
Is there a recommended way to download a cert from the web UI after generating it from ACME client?

I'm seeing the same thing. I went to the certificates page because I was intending to modify my cipher list and wanted to double check how all the existing certs were keyed.

However, the "show certificate info" buttons don't do anything, nor do the "Download" buttons.

Versions
OPNsense 24.7.8-amd64
FreeBSD 14.1-RELEASE-p6
OpenSSL 3.0.15

Hmm, so I upgraded a separate OPNsense VM I had on hand to 24.7.9 and I can still view info and download a certificate. So if it's a legitimate bug, it's not universal. The only major difference I can see is that on the VM, I have no additional certificates, only the OPNsense GUI cert. On the affected baremetal install, I have a CA along with a handful of server certificates issued from it, plus a few Let's Encrypt certificates.

What theme are you using?

Try on the default OPNsense one.

I only have one theme listed called "opnsense", and that's what it is set to.

For me it's the same. Is there any progress on this, or a workaround maybe?

Works fine for me with the default OPNsense theme, in Certificates and Authorities sections.

Have you tried a different browser?

December 17, 2024, 11:28:39 AM #7 Last Edit: December 17, 2024, 02:06:33 PM by mirobiala Reason: Update
Quote from: newsense on December 17, 2024, 10:19:03 AM
Works fine for me with the default OPNsense theme, in Certificates and Authorities sections.

Have you tried a different browser?

Yes @newsense, I did and the result is the same. But if it was a browser issue, all certificates would be affected, not just the last generated ones.
Am I right?

Update: It might be a permissions issue. In /var/etc/acme-client/certs I found that the last ACME certificates are created with different permissions compared to the older ones. The older certificate folders have drwxr-x---, but the last ones have drwx------, and the keys inside went from -rwxr-x--- to -rw-------.
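
Added example, not part of the thread or of OPNsense's own code: a read-only shell check for the mode difference described in the post above. It lists every entry under the ACME certificate store and flags any whose mode differs from the most common mode for its type; the function name `audit_modes` is hypothetical, and the default path is the one quoted in the thread.

```shell
#!/bin/sh
# audit_modes [DIR]  (hypothetical helper, read-only)
# Prints "ok" or "DIFFERS", mode, owner:group and path for each directory and
# file up to two levels below DIR. Returns 1 if any entry differs from the
# most common mode among entries of the same type, 0 otherwise.
audit_modes() {
    root="${1:-/var/etc/acme-client/certs}"   # path taken from the thread
    # ls -ld output is parsed because it is identical on FreeBSD and Linux;
    # stat(1) format flags are not. Assumes paths contain no whitespace.
    find "$root" -mindepth 1 -maxdepth 2 \( -type d -o -type f \) \
        -exec ls -ld {} + |
    awk '
    {
        mode = $1
        sub(/[^rwxsStT-]+$/, "", mode)        # drop ACL/xattr marker (+ @ .)
        type = substr(mode, 1, 1)             # "d" directory, "-" regular file
        n++
        m[n] = mode; t[n] = type; o[n] = $3 ":" $4; p[n] = $NF
        count[type, mode]++
    }
    END {
        # Find the most common mode separately for directories and files.
        for (k in count) {
            split(k, a, SUBSEP)
            if (count[k] > best[a[1]]) { best[a[1]] = count[k]; common[a[1]] = a[2] }
        }
        for (i = 1; i <= n; i++) {
            flag = "ok"
            if (m[i] != common[t[i]]) { flag = "DIFFERS"; bad++ }
            printf "%-8s %s %s %s\n", flag, m[i], o[i], p[i]
        }
        exit (bad > 0)
    }'
}
```

Run `audit_modes` as root over SSH; the owner:group column shows which account the entries belong to, which is useful detail to attach to a ticket alongside the modes.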

For the permissions issue you may want to open a GitHub ticket in opnsense/plugins.

Quote from: newsense on December 18, 2024, 01:29:38 AM
For the permissions issue you may want to open a GitHub ticket in opnsense/plugins.

Attaching it to existing ticket: Link ...