OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 21.7 Legacy Series »
  • SSL Certificates signing | Error 500
« previous next »
  • Print
Pages: [1]

Author Topic: SSL Certificates signing | Error 500  (Read 1670 times)

XeroX

  • Jr. Member
  • **
  • Posts: 99
  • Karma: 5
    • View Profile
SSL Certificates signing | Error 500
« on: August 19, 2021, 03:08:28 pm »
Hello,
currently running latest OPNSense 21.7.

I'm not able to sign certificates anymore (Internal Certificate Signing). Trying to sign a certificate results in "500 Internal Server Error"

Code: [Select]
2021-08-19T15:00:47 lighttpd[38924] (gw_backend.c.2275) response not received, request sent: 2438 on socket: unix:/tmp/php-fastcgi.socket-1 for /system_certmanager.php?act=new, closing connection
2021-08-19T15:00:47 lighttpd[38924] (mod_fastcgi.c.419) unexpected end-of-file (perhaps the fastcgi process died):pid: 49810 socket: unix:/tmp/php-fastcgi.socket-1
2021-08-19T14:59:29 lighttpd[38924] (gw_backend.c.2275) response not received, request sent: 2396 on socket: unix:/tmp/php-fastcgi.socket-1 for /system_certmanager.php?act=new, closing connection
2021-08-19T14:59:29 lighttpd[38924] (mod_fastcgi.c.419) unexpected end-of-file (perhaps the fastcgi process died):pid: 49810 socket: unix:/tmp/php-fastcgi.socket-1

Anyone able to verify if this is a general problem or just mine?

Cheers
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13671
  • Karma: 1175
    • View Profile
Re: SSL Certificates signing | Error 500
« Reply #1 on: August 19, 2021, 03:15:12 pm »
It's a bug in PHP version that came with 21.7.1 in LibreSSL only and will be fixed with 21.7.2. If you need to create new certificates you need to switch to OpenSSL for the time being.


Cheers,
Franco
Logged

XeroX

  • Jr. Member
  • **
  • Posts: 99
  • Karma: 5
    • View Profile
Re: SSL Certificates signing | Error 500
« Reply #2 on: August 19, 2021, 03:57:43 pm »
Thank you franco.

I will wait till 21.7.2. I prefer LibreSSL. Time has shown its more reliable and more secure (from my perspective).

Is there any patch I can apply and test?
« Last Edit: August 19, 2021, 04:04:28 pm by XeroX »
Logged

apsandreas

  • Newbie
  • *
  • Posts: 8
  • Karma: 1
    • View Profile
Re: SSL Certificates signing | Error 500
« Reply #3 on: September 01, 2021, 03:48:42 pm »
Same applies to me. Is there an immediate fix for it?
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13671
  • Karma: 1175
    • View Profile
Re: SSL Certificates signing | Error 500
« Reply #4 on: September 01, 2021, 03:51:28 pm »
Yes, use OpenSSL flavour. It's as good an immediate fix as there is.


Cheers,
Franco
Logged

apsandreas

  • Newbie
  • *
  • Posts: 8
  • Karma: 1
    • View Profile
Re: SSL Certificates signing | Error 500
« Reply #5 on: September 01, 2021, 03:55:13 pm »
Yes I read that. But is there a workaround that does NOT require a reboot? This is our main gateway - i cannot do it now as it drops about 50 VPN connections not to speak of the phone / video conferences... :(

Logged

fabian

  • Hero Member
  • *****
  • Posts: 2768
  • Karma: 199
  • OPNsense Contributor (Language, VPN, Proxy, etc.)
    • View Profile
    • Personal Homepage
Re: SSL Certificates signing | Error 500
« Reply #6 on: September 01, 2021, 06:31:12 pm »
This just creates a key pair, a CSR and signs it with the CA. In theory, you can download the CA certificate and key and perform the same actions locally. Afterwards, you would have to upload the new certificate and optionally the key to use the certificate in OPNsense.
Logged

apsandreas

  • Newbie
  • *
  • Posts: 8
  • Karma: 1
    • View Profile
Re: SSL Certificates signing | Error 500
« Reply #7 on: September 02, 2021, 08:37:41 am »
I changed to OpenSSL. It even worked without a reboot, so there was no downtime involved when I did it.
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13671
  • Karma: 1175
    • View Profile
Re: SSL Certificates signing | Error 500
« Reply #8 on: September 02, 2021, 09:42:11 am »
Ok, nice to hear.


Cheers,
Franco
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 21.7 Legacy Series »
  • SSL Certificates signing | Error 500
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2