certificates expired?

AvePlague

I got this message in the notifications of the back end to my firewall but I don't know what it really means, can you help me?

The following CA/Certificate entries are expiring:
Certificate: webConfigurator default (0000009ff396c) (0000009ff396c): Expired 18606 days ago @ 2022-01-12 03:01:00

I tried to search but didn't find anything.

viragomann

@aveplague
That's the SSL certificate for the pfSense web interface (webConfigurator). The message says, it's already expired. You should have got already a warning before.

As the cert is already expired your browser might struggle to connect to the web interface.

If you can access pfSense check if the stated cert is even in use: System > Advanced > Admin Access > SSL/TLS Certificate

If it is go to System > Certificate Manager > Certificates, search for the certificate and renew it by hitting the "Reissue/renew" button at the right side.

stephenw10

Mmm, like it expired 50 years ago. Which seems..... unlikely!

I'd guess that's epoch time 0? Something odd with that cert, you might want to investigate further.

Steve

Gertjan

@aveplague
Check the time of your system.
NTP is doing well ?

AvePlague

@viragomann said in certificates expired?:

rch for the certificate and renew it by hitting

Thanks for the help. I am new to firewalls like this so I am learning a lot of stuff I don't know much about. I renewed the certs and everything seems fine. I didn't know I had to renew certs, but that's because I wasn't properly analyzing my firewalls config or back end.

I just have the vpn to sort out which I can't seem to get much help on. https://forum.netgate.com/topic/168749/first-time-user-config-guides-for-vpn-on-netgate-2100-firewall if you can help me get it setup and or understand the choices available, I may be able to use this thing like it should be used.

thanks

viragomann

@aveplague said in certificates expired?:

I didn't know I had to renew certs, but that's because I wasn't properly analyzing my firewalls config or back end.

You can activate notification in System > Advanced > Notifications and also check this box at the top of the page:

stephenw10

@aveplague said in certificates expired?:

The following CA/Certificate entries are expiring:
Certificate: webConfigurator default (0000009ff396c) (0000009ff396c): Expired 18606 days ago @ 2022-01-12 03:01:00

I assume that message was generated by that. The clock must have been wrong when the cert was created.

AvePlague

@stephenw10 Probably because when I setup my machine I did so without the Ethernet connected. ? Thing is I setup the computer a bit before I even held the firewall in my hand an set that up. So IDK what caused this, but it seems to be correct now.

stephenw10

Typically it would be because the firewall hardware either doesn't have a battery backed RTC or the battery has gone flat.
Neither is a problem as long as it can sync via ntp.

Steve

AvePlague

@stephenw10 okay thanks