Todo #14672

closed

Prevent weak SHA1 certificates from being used with GUI and Captive Portal

Added by Jim Pingle 9 months ago. Updated 7 months ago.

Status: Resolved
Priority: Normal
Assignee:
Category: Web Interface
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 23.09
Release Notes: Default

Description

The nginx daemon for the GUI fails to run with a SHA1 certificate on dev snapshots using OpenSSL 3.0.

The daemon logs an error and terminates:

2023/08/09 19:09:10 [emerg] 77010#100309: SSL_CTX_use_certificate("/var/etc/cert.crt") failed (SSL: error:0A00018E:SSL routines::ca md too weak)

We should either filter these certificates out of the list offered for use by the GUI and Captive Portal or trigger an input validation error when saving with one selected. This limitation should also be noted in the help text under the GUI certificate field.

We should also check on upgrade if the GUI is using such a certificate and if so, generate a new GUI certificate.

For Captive Portal it's not as clear, but since the certificate will cause the daemon to fail, we need to do something (e.g. disable portal zone and notify user).
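
One way to run the kind of check described above before moving to OpenSSL 3.0, as an added example that is not the project's own code: a shell helper that reads each certificate's signature algorithm with `openssl x509` and flags SHA-1 digests (and, going beyond the issue text, MD5). The function names are hypothetical, and RSA-PSS certificates, whose digest is carried in the algorithm parameters, are not classified.

```shell
#!/bin/sh
# Added example (not project code): flag certificates whose signature digest
# triggers "ca md too weak" under OpenSSL 3.0's default security level.

# Return 0 when the algorithm name uses SHA-1 or MD5, 1 otherwise.
# Names are OpenSSL's, e.g. sha1WithRSAEncryption, ecdsa-with-SHA1.
is_weak_sigalg() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        sha1*|md5*|*-sha1|dsawithsha1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the signature algorithm of the PEM certificate in file $1
# (empty output if the file cannot be parsed).
cert_sigalg() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1 | tr -d '[:space:]'
}

# Report one certificate: returns 0 = acceptable, 1 = weak, 2 = unreadable.
check_cert() {
    alg=$(cert_sigalg "$1")
    if [ -z "$alg" ]; then
        echo "UNREADABLE $1"
        return 2
    fi
    if is_weak_sigalg "$alg"; then
        echo "WEAK $1 ($alg)"
        return 1
    fi
    echo "OK $1 ($alg)"
    return 0
}

# Check every file given; return 1 if any was weak or unreadable.
scan_certs() {
    rc=0
    for f in "$@"; do
        check_cert "$f" || rc=1
    done
    return "$rc"
}

# Usage: sh check_sigalg.sh /path/to/*.crt   (paths are the caller's choice)
[ "$#" -eq 0 ] || scan_certs "$@"
```

A `WEAK` result marks a certificate that should not be offered for the GUI or Captive Portal and should be replaced before the upgrade.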
