Correct webgui SSL cert management techniques
Hello, I would like to know what the recommend procedure is to handle SSL certs when multiple firewalls are being deployed using the same configuration backup.
In the 1.2 era I just didn't worry about the ssl certs, the self signed certs that the firewall generated for itself worked just fine for all the firewalls I deployed and I never had any trouble accessing them.
With version 2.0 I keep running into the firefox sec_error_reused_issuer and serial error when I import a configuration backup and try to setup a firewall for a new site.
I don't really understand what the fundamental change is that caused the behavior change. Is it because in the 1.2 series, the CA was regenerated after a configuration import, so the issuer and serial number were always different? In 2.0 the CA stays with the backup config, so if I create a new cert on firewall A and Firewall B, they both have the same serial number since they are both using a copy of the same CA?
I would appreciate some suggestions on the easiest way to deal with this.
1.2.x and before, like m0n0wall, don't generate certs, they use a single hard coded one.
Not sure offhand what you're seeing there.