Project

General

Profile

Actions

Bug #11678

closed

Certificate Manager does not report Unbound as using a certificate

Added by Steve Wheeler about 3 years ago. Updated almost 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Viktor Gurov
Category:
Certificates
Target version:
Start date:
03/15/2021
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
21.05
Release Notes:
Default
Affected Version:
2.5.0
Affected Architecture:
All

Description

If you enable SSL/TLS Service for local clients in Unbound you can select a certificate to use for that.

In the Certifcate Manager though Unbound is not shown as a user of that certificate like the webgui or OpenVPN would be for example.

It does not prevent you deleting that certificate and doing so then prevents Unbound starting:

Mar 15 12:34:27     php-fpm     372     /status_services.php: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '[1615811667] unbound[44823:0] error: error for cert file: /var/unbound/sslcert.crt [1615811667] unbound[44823:0] error: error in SSL_CTX use_certificate_chain_file crypto error:0909006C:PEM routines:get_name:no start line [1615811667] unbound[44823:0] error: and additionally crypto error:140DC009:SSL routines:use_certificate_chain_file:PEM lib [1615811667] unbound[44823:0] fatal error: could not set up listen SSL_CTX' 

Tested:

2.5.0-RELEASE (amd64)
built on Tue Feb 16 08:56:29 EST 2021
FreeBSD 12.2-STABLE

Actions

Also available in: Atom PDF