SSL routines tls process server certificate certificate verify failed - Authentication error

From Thomas-Krenn-Wiki
Jump to navigation Jump to search

If, when attempting to install additional software under FreeBSD or OPNsense using pkg install, the errors Certificate verification failed for /CN=pkg.opnsense.org and SSL routines: tls_process_server_certificate:certificate verify failed occur, the cause is often an incorrect time on the server or incorrect NTP settings.[1]

Errors

When trying to install additional software under FreeBSD or OPNsense, the following errors appear: 

root@OPNsense:~ # pkg install dmidecode
Updating OPNsense repository catalogue...
Certificate verification failed for /CN=pkg.opnsense.org
882370822144:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
Certificate verification failed for /CN=pkg.opnsense.org
882370822144:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
Certificate verification failed for /CN=pkg.opnsense.org
882370822144:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1915:
pkg: https://pkg.opnsense.org/FreeBSD:12:amd64/20.7/latest/meta.txz: Authentication error
repository OPNsense has no meta file, using default settings
Certificate verification failed for /CN=pkg.opnsense.org
[...]

Solution

In this example, the time was set incorrectly on the OPNsense test system, which was approximately 3.5 hours ahead: 

root@OPNsense:~ # date
Fri Feb 28 14:52:52 UTC 2020

After entering NTP servers that can be reached from the test network under Services ‣ Network Time ‣ General, the time was correct: 

root@OPNsense:~ # date
Mon Jul 27 11:20:23 UTC 2020

After this, the installation is possible without problems: 

root@OPNsense:~ # pkg install dmidecode
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        dmidecode: 3.2

Number of packages to be installed: 1

113 KiB to be downloaded.

Proceed with this action? [y/N]: y
[1/1] Fetching dmidecode-3.2.txz: 100%  113 KiB 115.4kB/s    00:01
Checking integrity... done (0 conflicting)
[1/1] Installing dmidecode-3.2...
[1/1] Extracting dmidecode-3.2: 100%
root@OPNsense:~ #

References

  1. Bootstrap hangs on fetching base-19.1.4 (github.com/opnsense)


Author: Werner Fischer

Werner Fischer, working in the Knowledge Transfer team at Thomas-Krenn, completed his studies of Computer and Media Security at FH Hagenberg in Austria. He is a regular speaker at many conferences like LinuxTag, OSMC, OSDC, LinuxCon, and author for various IT magazines. In his spare time he enjoys playing the piano and training for a good result at the annual Linz marathon relay.


Translator: Alina Ranzinger

Alina has been working at Thomas-Krenn.AG since 2024. After her training as multilingual business assistant, she got her job as assistant of the Product Management and is responsible for the translation of texts and for the organisation of the department.


Related articles

Activation of FreeBSD Broadcom network cards driver
Show article
Timecounter HPET frequency 19200000 Hz quality 950
Show article
Update FreeBSD
Show article