Pfsense returns to default certificate after reboot.

  • Hi there, My name is Gozzi
    Everything is in the title.
    My certificate is well installed on both pfsense of my cluster. It never happens on "primary" node, but it randomly happens on "backup" node.
    HTTPS returns on default certificate, so because of HSTS, I'm no longer able to access with FQDN, I need to access to webUI with IP address, and revert back to my certificate…
    ...until next time...  แทงบอลฟรี

    Thanks for any help

  • Rebel Alliance Developer Netgate

    A couple possibilities here, mostly due to XMLRPC sync.

    It sounds to me like you did not import all of the certificates to the primary node. All certificates must be there, so that when you synchronize to the secondary, it also has all certificates. If you only import a cert to the secondary, it will be blown away when the primary synchronizes certificates. So at a minimum, you can solve it by importing the secondary's cert to the primary as well, and then picking it after it synchronizes over.

    The easiest thing to do is have your certificate include names for your entire cluster, and use the same certificate on both. I like to have my HA certificates contain:

    • A SAN for the primary hostname
    • A SAN for the secondary hostname
    • A SAN for the CARP VIP hostname(s)

    After the primary has performed a configuration sync to the secondary, then go into the secondary's Admin options and pick the correct certificate. Otherwise it may have an incorrect cert reference.