Author Topic: SSL Certificates signing | Error 500 (Read 899 times)

XeroX · « **on:** August 19, 2021, 03:08:28 pm »

Hello,
currently running latest OPNSense 21.7.

I'm not able to sign certificates anymore (Internal Certificate Signing). Trying to sign a certificate results in "500 Internal Server Error"

Code: [Select]

2021-08-19T15:00:47	lighttpd[38924]	(gw_backend.c.2275) response not received, request sent: 2438 on socket: unix:/tmp/php-fastcgi.socket-1 for /system_certmanager.php?act=new, closing connection	 
2021-08-19T15:00:47	lighttpd[38924]	(mod_fastcgi.c.419) unexpected end-of-file (perhaps the fastcgi process died):pid: 49810 socket: unix:/tmp/php-fastcgi.socket-1	 
2021-08-19T14:59:29	lighttpd[38924]	(gw_backend.c.2275) response not received, request sent: 2396 on socket: unix:/tmp/php-fastcgi.socket-1 for /system_certmanager.php?act=new, closing connection	 
2021-08-19T14:59:29	lighttpd[38924]	(mod_fastcgi.c.419) unexpected end-of-file (perhaps the fastcgi process died):pid: 49810 socket: unix:/tmp/php-fastcgi.socket-1

Anyone able to verify if this is a general problem or just mine?

Cheers

franco · « **Reply #1 on:** August 19, 2021, 03:15:12 pm »

It's a bug in PHP version that came with 21.7.1 in LibreSSL only and will be fixed with 21.7.2. If you need to create new certificates you need to switch to OpenSSL for the time being.

Cheers,
Franco

XeroX · « **Reply #2 on:** August 19, 2021, 03:57:43 pm »

Thank you franco.

I will wait till 21.7.2. I prefer LibreSSL. Time has shown its more reliable and more secure (from my perspective).

Is there any patch I can apply and test?

apsandreas · « **Reply #3 on:** September 01, 2021, 03:48:42 pm »

Same applies to me. Is there an immediate fix for it?

franco · « **Reply #4 on:** September 01, 2021, 03:51:28 pm »

Yes, use OpenSSL flavour. It's as good an immediate fix as there is.

Cheers,
Franco

apsandreas · « **Reply #5 on:** September 01, 2021, 03:55:13 pm »

Yes I read that. But is there a workaround that does NOT require a reboot? This is our main gateway - i cannot do it now as it drops about 50 VPN connections not to speak of the phone / video conferences...

fabian · « **Reply #6 on:** September 01, 2021, 06:31:12 pm »

This just creates a key pair, a CSR and signs it with the CA. In theory, you can download the CA certificate and key and perform the same actions locally. Afterwards, you would have to upload the new certificate and optionally the key to use the certificate in OPNsense.

apsandreas · « **Reply #7 on:** September 02, 2021, 08:37:41 am »

I changed to OpenSSL. It even worked without a reboot, so there was no downtime involved when I did it.

franco · « **Reply #8 on:** September 02, 2021, 09:42:11 am »

Ok, nice to hear.

Cheers,
Franco

Author Topic: SSL Certificates signing | Error 500 (Read 899 times)

XeroX

SSL Certificates signing | Error 500

franco

Re: SSL Certificates signing | Error 500

XeroX

Re: SSL Certificates signing | Error 500

apsandreas

Re: SSL Certificates signing | Error 500

franco

Re: SSL Certificates signing | Error 500

apsandreas

Re: SSL Certificates signing | Error 500

fabian

Re: SSL Certificates signing | Error 500

apsandreas

Re: SSL Certificates signing | Error 500

franco

Re: SSL Certificates signing | Error 500