Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Duplicated SerialNumber Cert

    General pfSense Questions
    2
    5
    111
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      al_sedano last edited by al_sedano

      I'm using around 80 user certificates on openVpn connections. I also use the revocation lists (CRL). Last week I discovered an issue: duplicates SerialNumbers (generated by the same CA). This issue took me too many time. I have a powershell script to search duplicate SerialNumber. If you have duplicated serial numbers and you are using CRLs to invalidate certificates, you sould to revoke every certificate with not unique SerialNumber (per CA) and to generate new ones. The script available at https://pastebin.com/JFNPSagN

      https://github.com/alvarsedano/pfSense-Certificate-Viewer

      I hope it can be useful.

      A 1 Reply Last reply Reply Quote 0
      • A
        al_sedano @al_sedano last edited by

        @al_sedano said in Duplicated SerialNumber Cert:

        I'm using around 80 user certificates on openVpn connections. I also use the revocation lists (CRL). Last week I discovered an issue: duplicates SerialNumbers (generated by the same CA). This issue took me too many time. I have a powershell script to search duplicate SerialNumber. If you have duplicated serial numbers and you are using CRLs to invalidate certificates, you sould to revoke every certificate with not unique SerialNumber (per CA) and to generate new ones. The script available at https://pastebin.com/JFNPSagN
        I hope it can be useful.

        Duplicate Certs example
        Duplicated Serial Numbers (per CA)

        Issuer SerialNumber FriendlyName DnsNameList Subject


        internal-ca 2F 5b55afd4962b3 {alopez} alopez
        internal-ca 2F 5b6021151d87c {berchules2} berchules2
        internal-ca 30 5b55b00e16bb3 {auditores1} auditores1
        internal-ca 30 5ba4a21be1e42 {lhEntrada} lhEntrada
        internal-ca 31 5b55b04689a50 {berchules} berchules
        internal-ca 31 5ba4a24d7c5c1 {lhPuesto} lhPuesto
        internal-ca 32 5b55b076b725e {cgomez} cgomez
        internal-ca 32 5ba9ee754e885 {lhSalida} lhSalida

        1 Reply Last reply Reply Quote 0
        • A
          al_sedano last edited by

          Last improved version. Now it admits input file path from console, and shows the CRLs in which the cert is revoked.
          https://github.com/alvarsedano/pfSense-Certificate-Viewer

          1 Reply Last reply Reply Quote 0
          • Pippin
            Pippin last edited by

            For info:

            https://redmine.pfsense.org/issues/3694
            https://forum.netgate.com/topic/69978/generated-certificates-with-non-unique-serial-numbers/2

            A 1 Reply Last reply Reply Quote 0
            • A
              al_sedano @Pippin last edited by

              @Pippin Thank you for show me the origin of the issue. Pointed on github.

              1 Reply Last reply Reply Quote 0

              Products

              • Platform Overview
              • TNSR
              • pfSense
              • Appliances

              Services

              • Training
              • Professional Services

              Support

              • Subscription Plans
              • Contact Support
              • Product Lifecycle
              • Documentation

              News

              • Media Coverage
              • Press
              • Events

              Resources

              • Blog
              • FAQ
              • Find a Partner
              • Resource Library
              • Security Information

              Company

              • About Us
              • Careers
              • Partners
              • Contact Us
              • Legal
              Our Mission

              We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

              Subscribe to our Newsletter

              Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

              © 2021 Rubicon Communications, LLC | Privacy Policy