Project

General

Profile

Actions

Bug #3691

closed

Fetch error on HTTPS console update by URL

Added by Jim Pingle over 10 years ago. Updated over 9 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Upgrade
Target version:
Start date:
06/04/2014
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.2
Affected Architecture:
All

Description

When performing a console update by URL from an HTTPS URL, fetch displays an error validating the certificate.

Fetching file...
looking up snapshots.pfsense.org
connecting to snapshots.pfsense.org:443
SSL options: 81004bff
Peer verification enabled
Using CA cert file: /etc/ssl/cert.pem
Certificate verification failed for /C=BE/O=GlobalSign nv-sa/CN=GlobalSign Domain Validation CA - G2
34380912584:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/usr/pfSensesrc/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1167:
fetch: https://snapshots.pfsense.org/FreeBSD_stable/10//amd64/pfSense_HEAD/.updaters//latest.tgz: Authentication error

It appears to not know where the CA is, as this works when run manually

fetch --ca-cert=/usr/local/share/certs/ca-root-nss.crt https://snapshots.pfsense.org/FreeBSD_stable/10//amd64/pfSense_HEAD/.updaters//latest.tgz

Switching that to CURL may be better long-term.

Actions

Also available in: Atom PDF