Bug #15304
closed
After update to latest stable (23.09.1), cert issuance was issuing blank certs, and a signing request not working.
0%
Description
My pfsense instance is a negate appliance on version:
23.09.1-RELEASE (amd64)
built on Wed Feb 28 16:16:00 UTC 2024
FreeBSD 14.0-CURRENT
Right after update to 23.09.1, I decided to fix my expired cert for webconfigurator. I created a CA, then issued a server cert from it. I navigated to: System / Advanced / Admin Access, and tried to find the newly generated cert in the SSL/TLS Certificate dropdown list. The newly generated server cert was not in the list.
I then inspected the newly generated cert (using edit) to see that the key data and certificate data are empty. I then tried a newly generated a pkcs7 request and tried to submit it but the page would not submit, it would just reload the same data I just entered and not save it. I then rebooted the pfsense appliance/host and tried to submit the pkcs7 request again, and the cert had a private key and public cert info, and I was able to use the new certificate in webconfigurator without issue.
Not sure if this is considered a bug or not, but I thought the info would be welcome. Having found old posts on it w/ no repeatability (https://redmine.pfsense.org/issues/7995), I can say that I have repeated the issue w/ the latest stable version. A reboot fixed it. To possibly repeat, install the previous version, upgrade to the latest stable, do not restart, and try to generate a ca and and use it in webconfigurator to replace the existing web configurator cert. Or perhaps, after creating a new CA, a restart of some service or reboot is necessary?
-Pete
Updated by 
Updated by 
Updated by