Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Correct webgui SSL cert management techniques

    2.0-RC Snapshot Feedback and Problems - RETIRED
    2
    2
    1144
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      stompro last edited by

      Hello,  I would like to know what the recommend procedure is to handle SSL certs when multiple firewalls are being deployed using the same configuration backup.

      In the 1.2 era I just didn't worry about the ssl certs, the self signed certs that the firewall generated for itself worked just fine for all the firewalls I deployed and I never had any trouble accessing them.

      With version 2.0 I keep running into the firefox sec_error_reused_issuer and serial error when I import a configuration backup and try to setup a firewall for a new site.

      I don't really understand what the fundamental change is that caused the behavior change.  Is it because in the 1.2 series, the CA was regenerated after a configuration import, so the issuer and serial number were always different?  In 2.0 the CA stays with the backup config, so if I create a new cert on firewall A and Firewall B, they both have the same serial number since they are both using a copy of the same CA?

      I would appreciate some suggestions on the easiest way to deal with this.
      Thanks
      Josh

      1 Reply Last reply Reply Quote 0
      • C
        cmb last edited by

        1.2.x and before, like m0n0wall, don't generate certs, they use a single hard coded one.

        Not sure offhand what you're seeing there.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy