From 9af00831c9a3a3c5293c483ebce479e8876b8995 Mon Sep 17 00:00:00 2001 From: Inocious Date: Wed, 17 Jun 2026 14:50:06 +0200 Subject: [PATCH 1/3] Fix INTCA caref --- plugins/modules/pfsense_ca.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/plugins/modules/pfsense_ca.py b/plugins/modules/pfsense_ca.py index 0c1fb471..1dde9151 100644 --- a/plugins/modules/pfsense_ca.py +++ b/plugins/modules/pfsense_ca.py @@ -422,17 +422,18 @@ def _update(self): (dummy, stdout, stderr) = ('', '', '') if self.params['state'] == 'present': if self.params['method'] == 'existing': - # ca_import will base64 encode the cert + key and will fix 'caref' for CAs that reference each other + # ca_import will base64 encode the cert + key and will fix 'caref' for CAs that reference each other # $ca needs to be an existing reference (particularly 'refid' must be set) before calling ca_import - # key and serial are optional arguments. TODO - handle key and serial + # key and serial are optional arguments. TODO - handle key and serial (dummy, stdout, stderr) = self.pfsense.phpshell(""" - $ca =& lookup_ca('{refid}')['item']; + $caent =& lookup_ca('{refid}'); + $ca =& $caent['item']; ca_import($ca, '{cert}'); + config_set_path("ca/{{$caent['idx']}}", $ca); write_config('Update CA reference'); ca_setup_trust_store(); cert_restart_services(ca_get_all_services('{refid}'));""".format(refid=self.target_elt.find('refid').text, cert=base64.b64decode(self.target_elt.find('crt').text.encode()).decode())) - if self.refresh_crls: (dummy, crl_stdout, crl_stderr) = self.pfsense.phpshell(""" require_once("openvpn.inc"); From a85e74afcbcb4daad03419dd299ea97b8a70a3a1 Mon Sep 17 00:00:00 2001 From: Inocious Date: Fri, 26 Jun 2026 17:51:21 +0200 Subject: [PATCH 2/3] Fix Cert CAref --- plugins/modules/pfsense_cert.py | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/plugins/modules/pfsense_cert.py b/plugins/modules/pfsense_cert.py index d2043c3a..7863f1bf 100644 --- a/plugins/modules/pfsense_cert.py +++ b/plugins/modules/pfsense_cert.py @@ -340,17 +340,24 @@ def _log_fields(self, before=None): def _update(self): if self.params['state'] == 'present': if self.params['method'] == 'import': + prv_node = self.target_elt.find('prv') + raw_key = base64.b64decode(prv_node.text.encode()).decode() if (prv_node is not None and prv_node.text) else "" # import certificate return self.pfsense.phpshell(""" require_once('certs.inc'); - $cert =& lookup_cert('{refid}'); + $certent = lookup_cert('{refid}'); + $cert = $certent['item']; + cert_import($cert, '{cert}', '{key}'); + + config_set_path("cert/{{$certent['idx']}}", $cert); + $savemsg = sprintf(gettext("Imported certificate %s"), $cert['descr']); write_config($savemsg); cert_restart_services(cert_get_all_services('{refid}')); """.format(refid=self.target_elt.find('refid').text, cert=base64.b64decode(self.target_elt.find('crt').text.encode()).decode(), - key=base64.b64decode(self.target_elt.find('prv').text.encode()).decode())) + key=raw_key)) else: # generate internal certificate return self.pfsense.phpshell(""" From 404148015a84b9f076fc42ad4f57386f241ad633 Mon Sep 17 00:00:00 2001 From: Inocious Date: Fri, 26 Jun 2026 17:55:02 +0200 Subject: [PATCH 3/3] Fix added empty lines typo in pfsense_cert.py --- plugins/modules/pfsense_cert.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/plugins/modules/pfsense_cert.py b/plugins/modules/pfsense_cert.py index 7863f1bf..19636458 100644 --- a/plugins/modules/pfsense_cert.py +++ b/plugins/modules/pfsense_cert.py @@ -347,11 +347,8 @@ def _update(self): require_once('certs.inc'); $certent = lookup_cert('{refid}'); $cert = $certent['item']; - cert_import($cert, '{cert}', '{key}'); - config_set_path("cert/{{$certent['idx']}}", $cert); - $savemsg = sprintf(gettext("Imported certificate %s"), $cert['descr']); write_config($savemsg); cert_restart_services(cert_get_all_services('{refid}'));