Bug #16499

closed

Renewing certificate with "Reuse Serial" checked causes PHP error

Added by Craig Coonrad 2 days ago. Updated 2 days ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: Certificates
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version:
Affected Architecture: All

Description

pfSense = 25.07.1
platform = QEMU and 2100

To reproduce, navigate to System --> Certificates --> Certificates.
Select the GUI default cert, and the reissue/renew button.
Check the box for "Reuse Serial" and hit reissue/renew.

[20-Oct-2025 13:09:11 US/Pacific] PHP Fatal error:  Uncaught TypeError: openssl_csr_sign(): Argument #6 ($serial) must be of type int, string given in /etc/inc/certs.inc:1879
Stack trace:
#0 /etc/inc/certs.inc(1879): openssl_csr_sign()
#1 /tmp/controller-cmd.php(16) : eval()'d code(18): cert_renew()
#2 /tmp/controller-cmd.php(16): eval()
#3 {main}
  thrown in /etc/inc/certs.inc on line 1879
[20-Oct-2025 13:09:18 US/Pacific] PHP Fatal error:  Uncaught TypeError: openssl_csr_sign(): Argument #6 ($serial) must be of type int, string given in /etc/inc/certs.inc:1879
Stack trace:
#0 /etc/inc/certs.inc(1879): openssl_csr_sign()
#1 /tmp/controller-cmd.php(16) : eval()'d code(18): cert_renew()
#2 /tmp/controller-cmd.php(16): eval()
#3 {main}
  thrown in /etc/inc/certs.inc on line 1879
[20-Oct-2025 13:16:27 US/Pacific] PHP Fatal error:  Uncaught TypeError: openssl_csr_sign(): Argument #6 ($serial) must be of type int, string given in /etc/inc/certs.inc:1879
Stack trace:
#0 /etc/inc/certs.inc(1879): openssl_csr_sign()
#1 /usr/local/www/system_certmanager_renew.php(76): cert_renew()
#2 {main}
  thrown in /etc/inc/certs.inc on line 1879

Actions #1

Updated by Jim Pingle 2 days ago

  • Status changed from New to Rejected

I can't reproduce this here. Certs renew with and without that checkbox set on CE and Plus on the latest releases and dev snapshots.

Odds are that certificate serial isn't numeric, which any cert generated on pfSense should be. If it was imported it may be in some other format (like Hex, perhaps?) that isn't supported by the PHP certificate functions.

But without such a cert to test with, it's hard to say for sure.

Actions #2

Updated by Craig Coonrad 2 days ago

That was the case. The cert serial is hex.
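
An added example, not part of the original thread and not pfSense code: a guard that checks whether a stored serial can be passed as the integer $serial argument of openssl_csr_sign() before a renewal reuses it. The helper name reusable_serial and the sample serials are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not from pfSense): decide whether a stored certificate
 * serial can be passed as the int $serial argument of openssl_csr_sign().
 * Returns the integer, or null when the serial must not be reused as-is.
 */
function reusable_serial(string $serial): ?int
{
    $serial = trim($serial);

    // Only plain decimal digits qualify; "0x1A2B3C" and "1A2B3C" do not.
    if ($serial === '' || !ctype_digit($serial)) {
        return null;
    }

    // Strip leading zeros so the length comparison below is meaningful.
    $normalized = ltrim($serial, '0');
    if ($normalized === '') {
        return 0;
    }

    // Reject values that overflow a PHP int instead of letting them turn into floats.
    $max = (string) PHP_INT_MAX;
    if (strlen($normalized) > strlen($max) ||
        (strlen($normalized) === strlen($max) && strcmp($normalized, $max) > 0)) {
        return null;
    }

    return (int) $normalized;
}

// Constructed sample serials, not taken from any real certificate.
$samples = ['42', '0007', '0x1A2B3C', '1A2B3C', '99999999999999999999', ''];

foreach ($samples as $s) {
    $int = reusable_serial($s);
    printf(
        "%-24s => %s\n",
        var_export($s, true),
        $int === null ? 'not reusable, issue a new serial' : "reuse as int $int"
    );
}
```

A caller would run this check before the renewal and fall back to a new serial, or report an input error, when it returns null.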
