Ldap certificates

Status
Not open for further replies.

bkp

Dabbler
Joined
May 8, 2014
Messages
33
Oh great, I was trying to get TLS on ldap working and trying every single combination of settings in the gui CA and certificate screen and when saving a CA I am now getting:

Unable to load /api/v1.0/system/certificateauthority/ status: 500

Now what?

Mar 27 08:33:08 boxserve2 notifier: File "/usr/local/libexec/nas/generate_ssl_certificates.py", line 52, in <module>
Mar 27 08:33:08 boxserve2 notifier: main()
Mar 27 08:33:08 boxserve2 notifier: File "/usr/local/libexec/nas/generate_ssl_certificates.py", line 46, in main
Mar 27 08:33:08 boxserve2 notifier: write_certificates(CAs)
Mar 27 08:33:08 boxserve2 notifier: File "/usr/local/libexec/nas/generate_ssl_certificates.py", line 20, in write_certificates
Mar 27 08:33:08 boxserve2 notifier: for cert in certs:
Mar 27 08:33:08 boxserve2 notifier: File "/usr/local/lib/python2.7/site-packages/django/db/models/query.py", line 96, in __iter__
Mar 27 08:33:08 boxserve2 notifier: self._fetch_all()
Mar 27 08:33:08 boxserve2 notifier: File "/usr/local/lib/python2.7/site-packages/django/db/models/query.py", line 857, in _fetch_all
Mar 27 08:33:08 boxserve2 notifier: self._result_cache = list(self.iterator())
Mar 27 08:33:08 boxserve2 notifier: File "/usr/local/lib/python2.7/site-packages/django/db/models/query.py", line 230, in iterator
Mar 27 08:33:08 boxserve2 notifier: obj = model(*row_data)
Mar 27 08:33:08 boxserve2 notifier: File "/usr/local/www/freenasUI/system/models.py", line 888, in __init__
Mar 27 08:33:08 boxserve2 notifier: super(CertificateAuthority, self).__init__(*args, **kwargs)
Mar 27 08:33:08 boxserve2 notifier: File "/usr/local/www/freenasUI/system/models.py", line 732, in __init__
Mar 27 08:33:08 boxserve2 notifier: self.__load_thingy()
Mar 27 08:33:08 boxserve2 notifier: File "/usr/local/www/freenasUI/system/models.py", line 718, in __load_thingy
Mar 27 08:33:08 boxserve2 notifier: self.__load_certificate()
Mar 27 08:33:08 boxserve2 notifier: File "/usr/local/www/freenasUI/system/models.py", line 708, in __load_certificate
Mar 27 08:33:08 boxserve2 notifier: self.__certificate = self.get_certificate()
Mar 27 08:33:08 boxserve2 notifier: File "/usr/local/www/freenasUI/system/models.py", line 660, in get_certificate
Mar 27 08:33:08 boxserve2 notifier: self.cert_certificate
Mar 27 08:33:08 boxserve2 notifier: File "/usr/local/lib/python2.7/site-packages/OpenSSL/crypto.py", line 1219, in load_certificate
Mar 27 08:33:08 boxserve2 notifier: _raise_current_error()
Mar 27 08:33:08 boxserve2 notifier: File "/usr/local/lib/python2.7/site-packages/OpenSSL/_util.py", line 22, in exception_from_error_queue
Mar 27 08:33:08 boxserve2 notifier: raise exceptionType(errors)
Mar 27 08:33:08 boxserve2 notifier: OpenSSL.crypto.Error: [('PEM routines', 'PEM_read_bio', 'no start line')]
 

bkp

Dabbler
Joined
May 8, 2014
Messages
33
Looks like this has been reported as a "bug". I can't remember exactly what I was doing when it happened. Was I creating a new CA or importing one? (I had tried so many combos to try and get TLS and ldap working.)

https://bugs.pcbsd.org/issues/6971
 

bkp

Dabbler
Joined
May 8, 2014
Messages
33
I followed the temporary fix in the bug report and it did not fix the issue. Also, now when I go to the Directory services page in the GUI, under ldap I'm told: "Sorry, an error occurred". I'm not seeing anything in the message log. I restored the config to see if that was the problem and after the reboot I still can't see the LDAP configuration page. Sigh. Going from bad to worse here.
 

dlavigne

Guest
Please add a comment to that effect to that bug. At the very least, it shouldn't be creating a traceback.
 

bkp

Dabbler
Joined
May 8, 2014
Messages
33
Oops, turns out it wasn't the certificates but the certificate authorities that caused all this headache. I cleared that table and now everything is working again (or at least, to pre-disaster state).
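
Added example, not part of the thread and not FreeNAS code: a structural pre-check that finds which stored CA entries lack a usable PEM start line (the "no start line" error in the traceback above) and reports every bad row instead of aborting on the first one. The function names, row names and sample rows are assumptions made up for illustration.

```python
import base64
import binascii
import re

# Only the plain "CERTIFICATE" PEM label is handled here.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def pem_problem(text):
    """Return None if text holds a structurally sound PEM certificate block,
    otherwise a short reason. A pre-check only: it does not parse X.509."""
    if not text or not text.strip():
        return "empty field"
    if "-----BEGIN CERTIFICATE-----" not in text:
        return "no BEGIN CERTIFICATE line"  # the 'no start line' case
    match = PEM_CERT.search(text)
    if match is None:
        return "no END CERTIFICATE line"
    try:
        body = "".join(match.group(1).split())
        der = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return "body is not valid base64"
    if not der.startswith(b"\x30"):
        return "decoded body is not a DER SEQUENCE"
    return None


def audit(rows):
    """Check every (name, pem_text) row and collect the failures, so one
    bad entry does not hide the others."""
    bad = {}
    for name, pem in rows:
        why = pem_problem(pem)
        if why is not None:
            bad[name] = why
    return bad


# Constructed sample rows. The "good" body is a 5-byte DER SEQUENCE used
# as a stand-in, not a real certificate.
BODY = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
BEGIN, END = "-----BEGIN CERTIFICATE-----\n", "\n-----END CERTIFICATE-----\n"
SAMPLE_ROWS = [
    ("good_ca", BEGIN + BODY + END),
    ("blank_ca", "   \n"),
    ("no_header_ca", BODY),
    ("truncated_ca", BEGIN + BODY),
    ("garbled_ca", BEGIN + "not*base64" + END),
]

if __name__ == "__main__":
    for name, why in audit(SAMPLE_ROWS).items():
        print(f"{name}: {why}")
```

Running the same check on a field before it is saved rejects the bad value at input time, rather than leaving a row that breaks every later load.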
 