Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Netgate 4200 - "The following CA/Certificate entries are expiring ..."?

    Scheduled Pinned Locked Moved Official Netgate® Hardware
    4 Posts 3 Posters 476 Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • gweemposeG Offline
      gweempose
      last edited by

      I have a 4200 which is fully updated with latest code. Recently, I started receiving this notification every day:

      The following CA/Certificate entries are expiring:
      Certificate: GUI default (xxxxxxxxxxxxx) (xxxxxxxxxxxxx): Expiring soon, in 23 days @ 2025-02-23 03:01:00

      What does this mean, and is it something I should worry about?

      1 Reply Last reply Reply Quote 0
      • stephenw10S Offline
        stephenw10 Netgate Administrator
        last edited by

        The webgui certificate is valid for ~1 year. You should renew it from the cert manager at some point.
        https://docs.netgate.com/pfsense/en/latest/certificates/certificate.html#renew-a-certificate

        You will have to allow the new cert in your browser after doing that.

        gweemposeG 1 Reply Last reply Reply Quote 1
        • gweemposeG Offline
          gweempose @stephenw10
          last edited by

          @stephenw10 said in Netgate 4200 - "The following CA/Certificate entries are expiring ..."?:

          The webgui certificate is valid for ~1 year. You should renew it from the cert manager at some point.
          https://docs.netgate.com/pfsense/en/latest/certificates/certificate.html#renew-a-certificate

          You will have to allow the new cert in your browser after doing that.

          Thanks! So it looks like there are a few options to choose from when renewing the certificate: Reuse key, Reuse Serial, and Strict Security. I have no idea what any of these mean. Which options should I select?

          S 1 Reply Last reply Reply Quote 0
          • S Offline
            SteveITS Rebel Alliance @gweempose
            last edited by

            @gweempose
            https://docs.netgate.com/pfsense/en/latest/certificates/renew.html#renew-or-reissue-options

            The defaults should be fine. More useful for very old certs at this point to get them up to date security wise.

            Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
            Upvote 👍 helpful posts!

            1 Reply Last reply Reply Quote 1
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.