This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[UTM 9.7005] Bug ? Certificate management in webadmin

Hi,

i updated one of my test-utm from 9.6x to 9.7005.

After the update i cant manage certificates in "webserver protection / certificate management" or "Site 2 Site 'VPN / certificate management"

  • the certificates list is a blank site
  • after 30 sec the well known message  pops up "if i want to give addidional 30 seconds ..."
  • then nothing els occours

 

in log files:

  • i can see entrys in webadmin.log for each certificate in system:
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]: |=========================================================================
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]: W Complete chain for: REF_pYMkIGSPGKew
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]: $VAR1 = [
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:           'C=de, ST=xxxxxxxxxx, L=xxxx, O=KVBB, CN=VPN CA-4096, emailAddress=astaro@xxxxx.lan'
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:         ];
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  1. wfe::asg::modules::asg_ca::_get_certificate_chain:1412() /</var/webadmin/webadmin.plx>wfe/asg/modules/asg_ca.pm
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  2. wfe::asg::modules::asg_ca::func_ca_certs:395() /</var/webadmin/webadmin.plx>wfe/asg/modules/asg_ca.pm
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  3. (eval):283() asg.plx
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  4. main::top-level:279() asg.plx

  • after aprox 1 minute:
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]: |=========================================================================
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]: I Got Sigterm
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  1. main::__ANON__:103() asg.plx
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  2. (eval):445() IO/Handle.pm
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  3. IO::Handle::read:445() IO/Handle.pm
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  4. RPC::PlServer::Comm::Read:162() /</var/webadmin/webadmin.plx>RPC/PlServer/Comm.pm
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  5. RPC::PlClient::Call:109() /</var/webadmin/webadmin.plx>RPC/PlClient.pm
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  6. RPC::PlClient::Object::Astaro::RPC::get_object:5() (eval 1397)
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  7. (eval):118() /</var/webadmin/webadmin.plx>Astaro/ConfdPlRPC.pm
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  8. Astaro::ConfdPlRPC::AUTOLOAD:116() /</var/webadmin/webadmin.plx>Astaro/ConfdPlRPC.pm
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  9. (eval):1() (eval 8294)
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  10. wfe::asg::modules::asg_connector::AUTOLOAD:314() /</var/webadmin/webadmin.plx>wfe/asg/modules/asg_connector.pm
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  11. wfe::asg::modules::asg_ca::_get_certificate_chain:1405() /</var/webadmin/webadmin.plx>wfe/asg/modules/asg_ca.pm
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  12. wfe::asg::modules::asg_ca::func_ca_certs:395() /</var/webadmin/webadmin.plx>wfe/asg/modules/asg_ca.pm
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  13. (eval):283() asg.plx
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  14. main::top-level:279() asg.plx
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]: |=========================================================================
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]: I exit with 57
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:
    2019:11:04-17:24:09 fw-pap-test01 webadmin[18126]:  1. main::END:593() asg.plx

Maybee this occurs only with many certificates on a system - i have aprox. 4000 certs there (for ssl-vpn users)

The Rest-api seems to work - have not tested deeper there until now.

anyone else with this problem?

 



This thread was automatically locked due to age.
Parents Reply
  • I think it is not realy a workaround (for me) to delete users with there certertificates until it works. This will only work if you have no use for the certificates of the users ...

    The users you can create again. Maybe automaticaly on backendlogin or per rest-api. - But every user wil get a new certificate and cant login per ssl-vpn ...

     

Children