The following CA/Certificate entries are expiring: Certificate: GUI default ...
-
No doubt this is a terribly naive question, but should I expect the GUI certificate to be expiring, and if so, where ought I fetch an updated one?
-
@khb yes. You can just renew it. https://docs.netgate.com/pfsense/en/latest/certificates/index.html
-
@SteveITS said in The following CA/Certificate entries are expiring: Certificate: GUI default ...:
https://docs.netgate.com/pfsense/en/latest/certificates/index.html
Thank you. While I appreciate the security upside of having external “things” certificates expire, what’s the benefit of this for the appliance's local GUI, especially since it's self-signed?
-
@khb I concur that should prob be longer, but in a recent thread that some of these browser makers are getting a bit overly zealous if you will on even local type certs.
Safari seems to have a limit of 825 days for even a local CA. What I do is create my own CA, sign my pfSense GUI cert with that CA that my browser trusts (Firefox, and others). I don't use Safari.
I set them for 10 years. I also put in the FQDN I am using, currently for my pfSense GUI sg4860.home.arpa - yes I know it's very creative and imaginative, hehehhe, being currently it's a Netgate sg-4860 model.
I also put in the IP of my lan as SAN, so I can access via name or IP and my browser is happy and doesn't complain. And more than likely will have newer machine well before that cert expires ;)

This one is good from 2024, when I changed over from using local.lan as my local domain to the approved home.arpa domain.
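The approach described in the post above (own CA, GUI certificate signed by it, FQDN and LAN IP as SANs, 10-year validity), as an added example that is not part of the original post. It assumes the `openssl` command line, which the post does not name as the tool used; the LAN address `192.168.1.1` and the CA name `Home Lab CA` are constructed values.

```shell
#!/bin/sh
set -eu
umask 077                      # keep private keys unreadable by other users

FQDN="sg4860.home.arpa"        # name from the post
LAN_IP="192.168.1.1"           # constructed LAN address (assumption)
DAYS=3650                      # 10 years, as in the post (it cites 825 days for Safari)

make_ca() {                    # $1 = working directory
  cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Home Lab CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$DAYS" \
    -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_gui_cert() {             # $1 = directory holding ca.key and ca.crt
  cat > "$1/gui.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$FQDN,IP:$LAN_IP
EOF
  openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$1/ca.cnf" \
    -subj "/CN=$FQDN" -keyout "$1/gui.key" -out "$1/gui.csr" 2>/dev/null
  openssl x509 -req -in "$1/gui.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days "$DAYS" -extfile "$1/gui.ext" \
    -out "$1/gui.crt" 2>/dev/null
}

check_gui_cert() {             # chain, name, IP, and not expiring within 30 days
  openssl verify -CAfile "$1/ca.crt" -verify_hostname "$FQDN" \
    -verify_ip "$LAN_IP" "$1/gui.crt" >/dev/null 2>&1 &&
  openssl x509 -in "$1/gui.crt" -noout -checkend $((30 * 86400)) >/dev/null
}

d=$(mktemp -d)                 # scratch directory for the demo run
make_ca "$d" && issue_gui_cert "$d" && check_gui_cert "$d" && echo "ok: $d/gui.crt"
```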
-
In addition per https://forum.netgate.com/post/1236652 they plan to auto-renew it in future versions.
-
Yeah renew!!! Like the movie Logan’s Run, you know?
-
@JonathanLee said in The following CA/Certificate entries are expiring: Certificate: GUI default ...:
Like the movie Logan’s Run, you know?
haha - one of my favs..
Enter the Carousel. This is the time of renewal.

-
@johnpoz with that music going haha