Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Renewal of Internal CA

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 3 Posters 726 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • provelsP
      provels
      last edited by provels

      Hello. I'm using the CA I created on pfSense for certificates for OpenVPN and some internal servers. When my CA expires, how do I renew it? Do I "Add" and "Import" the data from the old CA (and same to renew the internal certs)? Thanks.

      Peder

      MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
      BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        That function was recently added to 2.5.0: https://redmine.pfsense.org/issues/9842

        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        provelsP 1 Reply Last reply Reply Quote 0
        • provelsP
          provels @jimp
          last edited by

          @jimp I see, thanks. Not a real big deal for me but could be for some. Hard to believe it's almost 10 years since I created the CA. Happy customer since 1.2.3 on a repurposed Nokia ip530.

          Peder

          MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
          BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            You could spin up a 2.5.0 VM, import your CA, renew it there, export, and then copy the contents back to your current setup.

            If it's that old, though, you'll probably also want to let the renewal process upgrade it to a stronger key/hash/etc.

            Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            provelsP A 2 Replies Last reply Reply Quote 0
            • provelsP
              provels @jimp
              last edited by

              @jimp No, no, no longer in use (but still on shelf...). I have 2.4.4 and 2.5 now virtual. Thanks for the tip!

              Peder

              MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
              BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

              1 Reply Last reply Reply Quote 0
              • A
                Afforsperao @jimp
                last edited by

                @jimp said in Renewal of Internal CA:

                You could spin up a 2.5.0 VM, import your CA, renew it there, export, and then copy the contents back to your current setup.

                If it's that old, though, you'll probably also want to let the renewal process upgrade it to a stronger key/hash/etc.

                Thanks for the great feedback.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.