Expired WebConfigurator Certificate - What Does It Mean and How to Fix It?
-
Hi everyone,
I'm using pfSense, and I recently noticed an issue in the Certificate Manager. It shows that my webConfigurator default certificate has expired several hundred days ago. The message states:
"The following CA/Certificate entries are expiring:
Certificate: webConfigurator default (63406c5da756f): Expired X days ago @ YYYY-MM-DD HH:MM:SS"My Questions:
What does this expired certificate impact?
Will this cause downtime or require a pfSense reboot?
I want to make sure I'm handling this correctly and not causing any disruptions. Any guidance would be greatly appreciated!Thanks in advance!
-
Some browsers may refuse to connect to it for example.
You can just renew the cert in the cert manager. You will have to accept the new cert in the browser when you then connect to a new page in the gui. No downtime. -
Plan B : on the console : https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html
This created a new GUI self-signed certicate, and the GUI was set to use it :
But my browser (FF) refused to use it ....
( I know, I can reset the GUI by set it to use http a and not https, now I can access the GUI,, export the new cert for the GUI, import in into my system so the browser won't complain anymore, and now switch back to https ... pfffff ) -
I saw renew
what will happen will it fix that expired thing
-
@zikou
Renew will regenerate the certificate, and this will take care of the "Expired" issue. -
hey there,
and while you're at it...instead of renewing, think about creating a new one, putting that default one to rest.
Certificate manager makes that easy... :)
Get your own CA, use that to issue your need future certs...works like a charm.
I use it for internal use in my LAN, I had so far no issues with any browser in use here (FF and chromium). -
Thanks for the useful info.
Mine was expired 150 days ago, but according to the info above, i've just renew-ed.
