
Errors trying to regenerate certificates (Heartbleed mitigation)

Hi all,

My home UTM is throwing an error when I try to regenerate certificates and the signing CA under Remote Access->Certificate Management->Advanced:

The Confd reported an error without providing any details. 


Any ideas? FWIW, I was able to reset my WebAdmin cert without any trouble.


This thread was automatically locked due to age.
  • While an old thread, I ran into this yesterday...

    I experienced the error when I re-did my CA - certificate chain of trust and I removed the old CA, imported the new one, and began removing the old certificates from that CA for users, WebAdmin, etc.  Upon trying to import the newly issued certs, I received the error.

    I'm not sure of the exact cause, but restoring the configuration backup from the previous night fixed the issue.  Random issues like this are why I have it set to take configuration backups daily, as it makes things so much simpler to fix when something starts acting wonky.

    As an FYI for anyone else running into the issue:

    • I do not recommend creating certificates on Sophos, due to the lack of customization to the openssl.cnf and the fact Sophos creates certificates and CAs I don't find secure.  

    • I recommend utilizing openssl on a PC running Windows or a *nix distro, and here is a pre-built openssl config that includes the relevant commands required at the bottom of the config

    SilverStone DS380 | AsRock C2750D4I | Alienware 18 In Win Chopin | SuperMicro A1SRi-2758F
    2.4gHz 8C C2750 ; 32GB ECC | 2.5gHz 4C i7 4710MQ ; 32GB 2.4gHz 8C C2758 ; 32GB ECC
    Vantec 4C USB3 PCIe UGT-PCE430-4C | 8GB AMD SLI R9 M290x |
    SSD  | 850 EVO: 120GB | 1TB ; mSATA: 1TB (2) | 850 Pro: 128GB ; 850 EVO: 1TB
    HDD | Seagate: { ST4000VN000 (8) } Z2 ; { HGST HTS721010A (3) } Z2 |
    FreeNAS 11.2 | { PNY Turbo USB3 32GB (2) } Mirror | Win 10 Pro | ESXi 6.7: Sophos UTM 9.6

    Various Wikis, Scripts, & Configs | Prebuilt OpenSSL Config
