mirror of
https://github.com/lucaspalomodevelop/core.git
synced 2026-03-15 17:14:46 +00:00
d1e90d3cee
Example output: ``` $ /usr/local/etc/rc.initial.banner *** test-fw.localdomain: OPNsense 18.1.10 (amd64/OpenSSL) *** WAN (vtnet0) -> v4/DHCP4: 172.30.23.2/24 SSH: 256 SHA256:fcMIAgT/vZR/TWP0j8AFROTNnudkU1tP9sRhbsIa8vM (ECDSA) SSH: 256 SHA256:lDenOc5wy2WU0e6sSz2hR9nEFnMqx5c3u1F/pHxgJlY (ED25519) SSH: 2048 SHA256:dsw9srlQHL0hPJlEdR9rL769N30BTZgXG9gXbdZGOkU (RSA) HTTPS X.509 cert: SHA256 Fingerprint=F0:E6:EB:31:E8:87:AF:52:16:4E:84:05:3B:6C:03:2C:C1:DF:5A:E7:36:F4:32:44:3B:B5:57:63:97:45:C3:77 ``` The list of fingerprints is appended after the interface list because the interface list might be pretty long and thus would move the fingerprints out of the screen which we don’t want. Previously (#2427) I suggested to extract the X.509 certificate from the xml config but the difficult part for me who is not so familiar with the implementation of OPNsense is to find the certificate which is actually used by the local web server. I found that `/var/etc/cert.pem` is used in the configuration of the local web server and assume that this is the easier way to implement this in the expectation that the file name does not change without being also changed in this script and that the file exists. If it does not exist, OpenSSL would complain with a useful error message. This commit is one piece to make fully trusted bootstrapping easier. Related to: https://github.com/opnsense/core/issues/2427 Tested on: OPNsense 18.1.10-amd64