This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[UTM 9.7005] Bug ? Certificate management in webadmin

Hi,

i updated one of my test-utm from 9.6x to 9.7005.

After the update i cant manage certificates in "webserver protection / certificate management" or "Site 2 Site 'VPN / certificate management"

  • the certificates list is a blank site
  • after 30 sec the well known message  pops up "if i want to give addidional 30 seconds ..."
  • then nothing els occours

 

in log files:

  • i can see entrys in webadmin.log for each certificate in system:
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]: |=========================================================================
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]: W Complete chain for: REF_pYMkIGSPGKew
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]: $VAR1 = [
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:           'C=de, ST=xxxxxxxxxx, L=xxxx, O=KVBB, CN=VPN CA-4096, emailAddress=astaro@xxxxx.lan'
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:         ];
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  1. wfe::asg::modules::asg_ca::_get_certificate_chain:1412() /</var/webadmin/webadmin.plx>wfe/asg/modules/asg_ca.pm
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  2. wfe::asg::modules::asg_ca::func_ca_certs:395() /</var/webadmin/webadmin.plx>wfe/asg/modules/asg_ca.pm
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  3. (eval):283() asg.plx
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  4. main::top-level:279() asg.plx

  • after aprox 1 minute:
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]: |=========================================================================
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]: I Got Sigterm
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  1. main::__ANON__:103() asg.plx
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  2. (eval):445() IO/Handle.pm
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  3. IO::Handle::read:445() IO/Handle.pm
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  4. RPC::PlServer::Comm::Read:162() /</var/webadmin/webadmin.plx>RPC/PlServer/Comm.pm
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  5. RPC::PlClient::Call:109() /</var/webadmin/webadmin.plx>RPC/PlClient.pm
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  6. RPC::PlClient::Object::Astaro::RPC::get_object:5() (eval 1397)
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  7. (eval):118() /</var/webadmin/webadmin.plx>Astaro/ConfdPlRPC.pm
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  8. Astaro::ConfdPlRPC::AUTOLOAD:116() /</var/webadmin/webadmin.plx>Astaro/ConfdPlRPC.pm
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  9. (eval):1() (eval 8294)
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  10. wfe::asg::modules::asg_connector::AUTOLOAD:314() /</var/webadmin/webadmin.plx>wfe/asg/modules/asg_connector.pm
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  11. wfe::asg::modules::asg_ca::_get_certificate_chain:1405() /</var/webadmin/webadmin.plx>wfe/asg/modules/asg_ca.pm
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  12. wfe::asg::modules::asg_ca::func_ca_certs:395() /</var/webadmin/webadmin.plx>wfe/asg/modules/asg_ca.pm
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  13. (eval):283() asg.plx
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  14. main::top-level:279() asg.plx
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]: |=========================================================================
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]: I exit with 57
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  1. main::END:593() asg.plx

Maybee this occurs only with many certificates on a system - i have aprox. 4000 certs there (for ssl-vpn users)

The Rest-api seems to work - have not tested deeper there until now.

anyone else with this problem?

 



This thread was automatically locked due to age.
Parents Reply
  • Thanks for the hint Bob, but i think we have an other problem added with the new support for certifikate chains in 9.7.

    Getting Certificates over the Rest-API is no problem.

    But i have no idea how to upload a pkcs12 to utm this way. This would be a workaround until the certificate management tab in webadmin works again (if you have a lot of users)

     

    Regards Stefan

Children
No Data