Comments (14)
I tried the above options, nothing seemed to work. I found this and compared what I had in the R3 Cert. It was close, but off in a few places. I replaced my R3 cert with the above, and it now works. Hope this helps.
https://forum.opnsense.org/index.php?topic=24950.msg119873#msg119873
from opn-repo.
Go on my website and search the folder where you fetched the conf, then remove the file and run pkg update
I will check the cert prob over the weekend
from opn-repo.
Fair enough. So just so I understand the processs and don't muck things up can you verify the following?
Step 1 - Go to /usr/local/etc/package/repos and delete mimugmail.conf
Step 2 - Do my OPN updates and wireguard-kmod reinstall
Step 3 - Run the fetch from your website again to re-pull the conf.
Step 4 - Reboot.
Sound right and my Adguardhome will retain the current config without requiring additional rework?
from opn-repo.
Can you replace recheck .. I dont get any errors
from opn-repo.
Hi Michael,
I have the same issue, remove the conf, remove the expired CA from System/Trust/Authorities, update OPNsense, re-add the Repository (with --no-verify-peer), but Repository Update still comes with:
Updating mimugmail repository catalogue... Certificate verification failed for /O=Digital Signature Trust Co./CN=DST Root CA X3 229124571136:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify
The https://opn-repo.routerperformance.net looks okay, but OPNsense use old/cached? DST RootCA X3.
How to remove, or recheck, what you mean.
THX
from opn-repo.
System : Trust : Authorities and remove the old one?
from opn-repo.
from opn-repo.
Only this is configured.
Repo looks fine: https://www.sslshopper.com/ssl-checker.html#hostname=opn-repo.routerperformance.net think it's a OPNsense thing.
@burntoc I remove the Repository, to update to Latest OPNsense (21.7.3_3), hope that the update fix it.
from opn-repo.
from opn-repo.
I am not a security professional... But the way I understand things the CA works as the first level of cert verification and is housed on the client side (which would be you opnsense box). In my case a new CA was present, but just had an inaccurate cert.
That said, I did not add the new CA to my box, and the date on it coresponds with an update I did. So, I am inclined to believe opnsense did this during an update. If so, opnsense sent the wrong CA cert to everyone. I may be way wrong on this, and it may just be me that had this particular issue, I am just trying to piece together what I see.
from opn-repo.
from opn-repo.
Again, not a security pro.... But certs are 3 parts. Ca, public, and private. Yes everything SHOULD work automatically. But in my case the CA cert was off. The CA is stored in opnsense and not usually updated, likely for security/spoofing reasons. I'm just sharing my experience and hoping it helps the community. Maybe not, who knows. 🤣
from opn-repo.
from opn-repo.
I got a reply that this repository has been moved to ZeroSSL to address the client-side CA and OPNsense config issues arising from this. Thought I'd confirm that this has fixed the issue here, with no additional adjustments needed on my part. As the CAs and certs are all valid now, the OPNsense update function completes properly again.
from opn-repo.
Related Issues (20)
- ocserv missing after upgrade Opnsense to 23.7.12 HOT 2
- Feature request: opn-arp sends an email about IP-conflicts. HOT 1
- SSH to os-unifi-maxit HOT 3
- Unifi: Update to Network Application 8.0.28 available
- y
- AdguardHome "restart" stops adguard, but does not restart it. HOT 1
- Unable to update Adguard Home to v0.107.46 HOT 1
- Update to UniFi Network Application 8.1.113 possible? HOT 4
- Adguard fails to update from GUI after update HOT 1
- Adguard "Auto-update failed. Please follow these steps to update manually." HOT 3
- nTop-ng No Vulnerability Scan Type HOT 4
- [Feature Request] AdGuardPlugin allow setting dir_path for query and statistic logs from GUI HOT 3
- Adguard not Restarting after Reboot
- Speedtest not running via cron HOT 6
- After using the ACME service command "update local UniFi keystore", UniFi controller is not starting anymore HOT 6
- Problems updating the mimugmail repo OPNsense HOT 3
- Adguard home and tailscaled.
- Add podman Support HOT 2
- Expand Unifi plugin to manage system properties HOT 1
- pkg: kibana7 has a missing dependency: node16
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from opn-repo.