Server certificates have mysteriously disappeared

[RainerR]

Hello Community.

I use my OPNsense boxes - 2 in a Carp Cluster - also as CA in my laboratory environment.

Current version:

• OPNsense 17.7.3-amd64
• FreeBSD 11.0-RELEASE-p12
• OpenSSL 1.0.2l 25 May 2017

Before and after configuration changes to my OPNsense boxes I always archive the configuration.

Yesterday I noticed that except for 4 server certificates, all the others disappeared.
This happened in version 17.7.2, because I just recently upgraded to the current version.
At first I thought that I accidentally - which is actually not possible - deleted the certificates myself.

But I have just checked the saved configurations for both nodes and found out that the certificates were still in the backup file from 13.09.2017.

Unfortunately I have absolutely no idea what could have happened and therefore I cannot reproduce it.

Basically, this is not a problem, because I run another CA in the lab environment, which I can use for all server certificates if necessary.

It would be interesting if I could find out the cause.

Are there any logfiles that I can use for root cause analysis?

Best regards,
Rainer.

[franco]

Your best chance are the backups... the config history has a diff feature so you see when the certs were purged and why. If you can share that info with us we can look further.


Thanks,
Franco

[RainerR]

Thank you for your quick reply.

Attached you'll find the configuration differences that were be shown by using the diff function in the history.

[RainerR]

From my point of view this topic can be closed.

Best regards,
Rainer.