Expired Certificates not visible in GUI
-
I just upgraded to 2.5.0. The certificate expiration notification is great. Several expired and nearly-expired certificates were identified, and I've addressed those.
The problem I'm having is that the notification also included 3 certificates that expired over 600 days ago that are not listed under System / Certificate Manager / Certificates.
These appear to be self-signed certs used when pfSense was initially installed. They were long ago replaced with Let's Encrypt certs.
How do I remove these old certificates so I don't keep getting notified?
-
@aeleus said in Expired Certificates not visible in GUI:
I just upgraded to 2.5.0. The certificate expiration notification is great. Several expired and nearly-expired certificates were identified, and I've addressed those.
The problem I'm having is that the notification also included 3 certificates that expired over 600 days ago that are not listed under System / Certificate Manager / Certificates.
These appear to be self-signed certs used when pfSense was initially installed. They were long ago replaced with Let's Encrypt certs.
How do I remove these old certificates so I don't keep getting notified?
I saw the same thing, mine expired 78 days ago. I don't recall seeing any error message any where before.
-
Update: looks like either the old, self-signed certs are being ignored or some process has removed them. I am no longer getting the notification.
-
Nothing would have removed or renewed them automatically. Check the CA and Certificate tab, entries on both tabs will be notified about on 21.02/2.5.0.
If they were old/unused self-signed certs for the GUI then they can be safely removed.
If they are for other purposes or still needed, then you can renew them using the renew option in the GUI or deal with them however you like.
If you choose to renew a CA or self-signed certificate in the GUI you should apply the change from https://redmine.pfsense.org/issues/11514 first.
You can install the System Patches package and then create an entry for
3987c45b3062bebdc925f248fb92dfcb645e7f7d
to apply the fix. -
Can the System Patches now always be used for both 21.02 and 2.5.0 ?
-Rico
-
There is a potential for some things to be different, and moreso as time goes on, but for the time being most of the PHP code is the same on both.
It's worth trying, and if there is a need for a patch specific to Plus 21.02 we can generate one of those as well.