Renewal of Internal CA
-
Hello. I'm using the CA I created on pfSense for certificates for OpenVPN and some internal servers. When my CA expires, how do I renew it? Do I "Add" and "Import" the data from the old CA (and same to renew the internal certs)? Thanks.
-
That function was recently added to 2.5.0: https://redmine.pfsense.org/issues/9842
Remember: Upvote with the ๐ button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
@jimp I see, thanks. Not a real big deal for me but could be for some. Hard to believe it's almost 10 years since I created the CA. Happy customer since 1.2.3 on a repurposed Nokia ip530.
-
You could spin up a 2.5.0 VM, import your CA, renew it there, export, and then copy the contents back to your current setup.
If it's that old, though, you'll probably also want to let the renewal process upgrade it to a stronger key/hash/etc.
Remember: Upvote with the ๐ button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
@jimp No, no, no longer in use (but still on shelf...). I have 2.4.4 and 2.5 now virtual. Thanks for the tip!
-
@jimp said in Renewal of Internal CA:
You could spin up a 2.5.0 VM, import your CA, renew it there, export, and then copy the contents back to your current setup.
If it's that old, though, you'll probably also want to let the renewal process upgrade it to a stronger key/hash/etc.
Thanks for the great feedback.
