Correct webgui SSL cert management techniques



  • Hello,  I would like to know what the recommend procedure is to handle SSL certs when multiple firewalls are being deployed using the same configuration backup.

    In the 1.2 era I just didn't worry about the ssl certs, the self signed certs that the firewall generated for itself worked just fine for all the firewalls I deployed and I never had any trouble accessing them.

    With version 2.0 I keep running into the firefox sec_error_reused_issuer and serial error when I import a configuration backup and try to setup a firewall for a new site.

    I don't really understand what the fundamental change is that caused the behavior change.  Is it because in the 1.2 series, the CA was regenerated after a configuration import, so the issuer and serial number were always different?  In 2.0 the CA stays with the backup config, so if I create a new cert on firewall A and Firewall B, they both have the same serial number since they are both using a copy of the same CA?

    I would appreciate some suggestions on the easiest way to deal with this.
    Thanks
    Josh



  • 1.2.x and before, like m0n0wall, don't generate certs, they use a single hard coded one.

    Not sure offhand what you're seeing there.


Log in to reply