OpenSSL

openvpn: error=CRL has expired

After the former FreshPorts server was retired, its OpenVPN credentials were revoked. I maintain those certificates via ssl-admin. I uploaded the new CRL into the System | Certificate Manager | Certificate Revocation page in pfSense. Today, I was seeing strange errors in Nagios, and figured someone wasn’t connected to the VPN. Checking OpenVPN client logs, …


SSL client vs server certificates and bacula-fd

Sometimes I forget about TLS / SSL / x509 certificates being available in both server and client versions, particularly when it comes to private certificate authorities. I use the security/ssl-admin port for that. Today in particular, I spent about 2 hours trying to debug issues while adding TLS to existing Bacula clients. I was getting …


acme.sh: getting free SSL certificates – installation configuration on FreeBSD

This blog post describes my Let’s Encrypt solution which uses acme.sh and dns-01 challenges to obtain SSL certificates. If you are using HTTP challenges, this post might still be useful, but your configuration will differ slightly. Let’s Encrypt is a certificate authority which has become wildly popular since it was launched in April 2016 (just …
