Renewal of Internal CA
-
Hello. I'm using the CA I created on pfSense for certificates for OpenVPN and some internal servers. When my CA expires, how do I renew it? Do I "Add" and "Import" the data from the old CA (and same to renew the internal certs)? Thanks.
-
That function was recently added to 2.5.0: https://redmine.pfsense.org/issues/9842
-
@jimp I see, thanks. Not a real big deal for me but could be for some. Hard to believe it's almost 10 years since I created the CA. Happy customer since 1.2.3 on a repurposed Nokia ip530.
-
You could spin up a 2.5.0 VM, import your CA, renew it there, export, and then copy the contents back to your current setup.
If it's that old, though, you'll probably also want to let the renewal process upgrade it to a stronger key/hash/etc.
-
@jimp No, no, no longer in use (but still on shelf...). I have 2.4.4 and 2.5 now virtual. Thanks for the tip!
-
@jimp said in Renewal of Internal CA:
You could spin up a 2.5.0 VM, import your CA, renew it there, export, and then copy the contents back to your current setup.
If it's that old, though, you'll probably also want to let the renewal process upgrade it to a stronger key/hash/etc.
Thanks for the great feedback.
