Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Expired Certificates not visible in GUI

    General pfSense Questions
    4
    6
    88
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      aeleus last edited by

      I just upgraded to 2.5.0. The certificate expiration notification is great. Several expired and nearly-expired certificates were identified, and I've addressed those.

      The problem I'm having is that the notification also included 3 certificates that expired over 600 days ago that are not listed under System / Certificate Manager / Certificates.

      These appear to be self-signed certs used when pfSense was initially installed. They were long ago replaced with Let's Encrypt certs.

      How do I remove these old certificates so I don't keep getting notified?

      J A 2 Replies Last reply Reply Quote 1
      • J
        jdeloach @aeleus last edited by jdeloach

        @aeleus said in Expired Certificates not visible in GUI:

        I just upgraded to 2.5.0. The certificate expiration notification is great. Several expired and nearly-expired certificates were identified, and I've addressed those.

        The problem I'm having is that the notification also included 3 certificates that expired over 600 days ago that are not listed under System / Certificate Manager / Certificates.

        These appear to be self-signed certs used when pfSense was initially installed. They were long ago replaced with Let's Encrypt certs.

        How do I remove these old certificates so I don't keep getting notified?

        I saw the same thing, mine expired 78 days ago. I don't recall seeing any error message any where before.

        1 Reply Last reply Reply Quote 0
        • A
          aeleus @aeleus last edited by

          Update: looks like either the old, self-signed certs are being ignored or some process has removed them. I am no longer getting the notification.

          1 Reply Last reply Reply Quote 0
          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            Nothing would have removed or renewed them automatically. Check the CA and Certificate tab, entries on both tabs will be notified about on 21.02/2.5.0.

            If they were old/unused self-signed certs for the GUI then they can be safely removed.

            If they are for other purposes or still needed, then you can renew them using the renew option in the GUI or deal with them however you like.

            If you choose to renew a CA or self-signed certificate in the GUI you should apply the change from https://redmine.pfsense.org/issues/11514 first.

            You can install the System Patches package and then create an entry for 3987c45b3062bebdc925f248fb92dfcb645e7f7d to apply the fix.

            1 Reply Last reply Reply Quote 0
            • Rico
              Rico LAYER 8 Rebel Alliance last edited by

              Can the System Patches now always be used for both 21.02 and 2.5.0 ?

              -Rico

              1 Reply Last reply Reply Quote 0
              • jimp
                jimp Rebel Alliance Developer Netgate last edited by

                There is a potential for some things to be different, and moreso as time goes on, but for the time being most of the PHP code is the same on both.

                It's worth trying, and if there is a need for a patch specific to Plus 21.02 we can generate one of those as well.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post

                Products

                • Platform Overview
                • TNSR
                • pfSense Plus
                • Appliances

                Services

                • Training
                • Professional Services

                Support

                • Subscription Plans
                • Contact Support
                • Product Lifecycle
                • Documentation

                News

                • Media Coverage
                • Press
                • Events

                Resources

                • Blog
                • FAQ
                • Find a Partner
                • Resource Library
                • Security Information

                Company

                • About Us
                • Careers
                • Partners
                • Contact Us
                • Legal
                Our Mission

                We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                Subscribe to our Newsletter

                Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                © 2021 Rubicon Communications, LLC | Privacy Policy