Netgate 4200 - "The following CA/Certificate entries are expiring ..."?
-
I have a 4200 which is fully updated with latest code. Recently, I started receiving this notification every day:
The following CA/Certificate entries are expiring:
Certificate: GUI default (xxxxxxxxxxxxx) (xxxxxxxxxxxxx): Expiring soon, in 23 days @ 2025-02-23 03:01:00What does this mean, and is it something I should worry about?
-
The webgui certificate is valid for ~1 year. You should renew it from the cert manager at some point.
https://docs.netgate.com/pfsense/en/latest/certificates/certificate.html#renew-a-certificateYou will have to allow the new cert in your browser after doing that.
-
@stephenw10 said in Netgate 4200 - "The following CA/Certificate entries are expiring ..."?:
The webgui certificate is valid for ~1 year. You should renew it from the cert manager at some point.
https://docs.netgate.com/pfsense/en/latest/certificates/certificate.html#renew-a-certificateYou will have to allow the new cert in your browser after doing that.
Thanks! So it looks like there are a few options to choose from when renewing the certificate: Reuse key, Reuse Serial, and Strict Security. I have no idea what any of these mean. Which options should I select?
-
@gweempose
https://docs.netgate.com/pfsense/en/latest/certificates/renew.html#renew-or-reissue-optionsThe defaults should be fine. More useful for very old certs at this point to get them up to date security wise.
