Netgate Discussion Forum

    Correct webgui SSL cert management techniques

    2.0-RC Snapshot Feedback and Problems - RETIRED
    • stompro

      Hello, I would like to know what the recommended procedure is to handle SSL certs when multiple firewalls are being deployed using the same configuration backup.

      In the 1.2 era I just didn't worry about the SSL certs; the self-signed certs that the firewall generated for itself worked just fine for all the firewalls I deployed and I never had any trouble accessing them.

      With version 2.0 I keep running into the Firefox sec_error_reused_issuer_and_serial error when I import a configuration backup and try to set up a firewall for a new site.

      I don't really understand what the fundamental change is that caused the behavior change. Is it because in the 1.2 series, the CA was regenerated after a configuration import, so the issuer and serial number were always different? In 2.0 the CA stays with the backup config, so if I create a new cert on firewall A and firewall B, they both have the same serial number since they are both using a copy of the same CA?

      I would appreciate some suggestions on the easiest way to deal with this.
      Thanks
      Josh

      Hardware used: Alix 2D13 X 10, APU2D4 X 10, SG-2200 X 10, SG-2440 X 4

      • cmb

        1.2.x and before, like m0n0wall, don't generate certs; they use a single hard-coded one.

        Not sure offhand what you're seeing there.

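Firefox raises sec_error_reused_issuer_and_serial when it meets two different certificates that carry the same issuer name and serial number. The script below is an added example, not part of the original thread and not pfSense code: it checks a set of exported PEM certificates for that collision with the openssl CLI. The script name, the file names, the CN and the `make_sample_cert` helper are assumptions made for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: find distinct certificates that share issuer DN + serial,
# the pair Firefox rejects with sec_error_reused_issuer_and_serial.

# Print "issuer|serial|sha256 fingerprint" for one PEM certificate.
# Assumes the issuer DN contains no "|" character.
cert_identity() {
    _issuer=$(openssl x509 -in "$1" -noout -issuer) || return 1
    _serial=$(openssl x509 -in "$1" -noout -serial) || return 1
    _fp=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 1
    printf '%s|%s|%s\n' "${_issuer#issuer=}" "${_serial#serial=}" "${_fp#*=}"
}

# Print each issuer|serial pair carried by more than one distinct certificate.
# Byte-identical copies of one certificate (same fingerprint) are collapsed
# by sort -u first, so they are not reported as a collision.
find_reused_issuer_serial() {
    for _f in "$@"; do cert_identity "$_f"; done |
        sort -u |
        awk -F'|' '{ n[$1 "|" $2]++ } END { for (k in n) if (n[k] > 1) print k }'
}

# Constructed sample input: a throwaway self-signed certificate with a chosen
# CN and serial, standing in for a certificate exported from one firewall.
make_sample_cert() {  # usage: make_sample_cert OUT.pem CN SERIAL
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -set_serial "$3" \
        -subj "/CN=$2" -keyout "$1.key" -out "$1" 2>/dev/null
}

# Stand-alone use (hypothetical script name): ./check-serials.sh fw-a.pem fw-b.pem
if [ "$#" -gt 0 ]; then find_reused_issuer_serial "$@"; fi
```

Any pair it prints needs one of the certificates reissued with a different serial number or under a different issuer name before both are used from the same browser profile.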
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.