Server certificates have mysteriously disappeared

Started by RainerR, September 21, 2017, 08:38:50 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
September 21, 2017, 08:38:50 PM
Hello Community.

I use my OPNsense boxes - 2 in a Carp Cluster - also as CA in my laboratory environment.

Current version:

  • OPNsense 17.7.3-amd64
  • FreeBSD 11.0-RELEASE-p12
  • OpenSSL 1.0.2l 25 May 2017

Before and after configuration changes to my OPNsense boxes I always archive the configuration.

Yesterday I noticed that except for 4 server certificates, all the others disappeared.
This happened in version 17.7.2, because I just recently upgraded to the current version.
At first I thought that I accidentally - which is actually not possible - deleted the certificates myself.

But I have just checked the saved configurations for both nodes and found out that the certificates were still in the backup file from 13.09.2017.

Unfortunately I have absolutely no idea what could have happened and therefore I cannot reproduce it.

Basically, this is not a problem, because I run another CA in the lab environment, which I can use for all server certificates if necessary.

It would be interesting if I could find out the cause.

Are there any logfiles that I can use for root cause analysis?

Best regards,
Rainer.
September 22, 2017, 12:19:11 AM #1
Your best chance are the backups... the config history has a diff feature so you see when the certs were purged and why. If you can share that info with us we can look further.


Thanks,
Franco
September 22, 2017, 09:48:32 PM #2 Last Edit: September 26, 2017, 11:34:00 PM by RainerR
Thank you for your quick reply.

Attached you'll find the configuration differences that were be shown by using the diff function in the history.
September 26, 2017, 11:33:23 PM #3
From my point of view this topic can be closed.

Best regards,
Rainer.
Print
Go Up Pages1
User actions