Cannot import root CA

j.koopmann · October 30, 2024, 07:52:31 PM

Hi,

in order to get ACME working with an internal ACME instance I need to import the root CA used into OPNSense. If I import the crt contents to my pfsense installation all is fine. But on OPNsense I get

Unexpected error, check log for details

and in the log

Code Select

<147>1 2024-10-30T19:45:36+01:00 OPNsense1.localdomain config 64536 - [meta sequenceId="2"] [OPNsense\Trust\Cert:cert.4811211f-f7fd-44bc-9005-340f2f3a74b6.caref] Please select a valid certificate from the list{67227ed0e74ce}
<147>1 2024-10-30T19:50:15+01:00 OPNsense1.localdomain config 54947 - [meta sequenceId="1"] [OPNsense\Trust\Cert:cert.374837b5-c3e5-46d6-9779-840e74649a2c.caref] Please select a valid certificate from the list{67227fe78b7e8}
<147>1 2024-10-30T19:50:15+01:00 OPNsense1.localdomain config 54947 - [meta sequenceId="2"] [OPNsense\Trust\Cert:cert.4811211f-f7fd-44bc-9005-340f2f3a74b6.caref] Please select a valid certificate from the list{67227fe78b7e8}

The crt data appears perfect. Checked the attributes etc. I am at a loss at the moment. Any idea? Trying to import it as a certificate works however then the ACME service is not able to communicate with my local ACME service (Wireshark shows OPNsense to terminate the TLS 1.3 handshake with "Unknown CA").

j.koopmann · October 31, 2024, 10:15:03 AM

Latest update to 24.7.7 fixed this!

Cannot import root CA

j.koopmann

October 30, 2024, 07:52:31 PM

j.koopmann

October 31, 2024, 10:15:03 AM #1