Expired Authorities update
-
Hello
It might be a simple question, but I don't know how to answer it, so help is appreciated.
I have the expired authority
How do I find what 3 certs are using it?
And how do I update it?
PS: I don't see much difference in my pfS behavior
TIA
-
Hey, your late to the party
Several others threads discuss the 'issue' already.
The solution is simple : delete it.Btw : don't take "delete it" literal.
Of course I also wanted to say : get a pfSense config copy 'in case off'. And then delete it. -
@Gertjan said in Expired Authorities update:
Hey, your late to the party
Several others threads discuss the 'issue' already.
The solution is simple : delete it.Btw : don't take "delete it" literal.
Of course I also wanted to say : get a pfSense config copy 'in case off'. And then delete it.OK copy that
But how do you what certificates it's associated with?
-
-
@chudak said in Expired Authorities update:
But how do you what certificates it's associated with?
Keep in mind that the pfSense cert store isn't the only one that exists
Every Pad, Phone, PC, etc every device that makes TLS connections uses a system wide certificate file, here /usr/local/share/certs/ca-root-nss.crt - see also here /etc/ssl/certs/*You've noticed that the pfSense Certificate store doesn't list all the certs found in /usr/local/share/certs/ca-root-nss.crt and that's good. If people start to mess with that list, thing will go downhill fast.
These are all 'auto signed' and are all the CAs that are 'trusted' out of the box. These lists are updated often as new trust chaines are signed (agreed upon) among the wold's ruling CA authorities.
These two folders are used when pfSense connects (as a client) to the (example) upgrade.netgate.com update/upgrade package server.The pfSense Certificate store is a convenient place were the admin can keep the system's local certificates and intermediate certificates for the local server processes.
