
Bug: Portals and Certificates

Hi All

Did someone manage to replace the certificate for the Admin-/User-/Captive-Portal?

What I tried so far:

  • Create a cert via Letsencrypt.org and upload it to Objects - Identity - Certificate
  • Create a CSR via the certificate menu and have it signed by Letsencrypt.org
  • Create a self-signed cert and upload it

I always got the same outcome:

Authority gets a red "x" (Manual doesn't help much there in explaining what it means) and under System - Administration - Settings - Admin Port Settings I can only choose the default ApplianceCertificate cert.

Does someone have an idea what I'm doing wrong?

Thanks Roman



  • The Authority will come up with a red X because the Authority which generated the certificate has not been loaded into Objects > Identity > Certificate Authority. Now this is an amusing problem; I would be able to get you the bug tracking code from Sophos if the Astaro.org forums were fully functional. The issue is that uploading a PKCS12 cert does not pull the Root Authority Certificate from the certificate chain into the Certificate Authority section.

    If you upload the Root Authority Certificate used to self sign the certificate into that section and re-upload your cert, the authority should come up with a green tick.

    If your certificate only has one level of identity and technically signed itself, uploading the same certificate to both certificates and certificate authority may work.

    But there's a reason why you have a certificate chain where one certificate signs another: self-signed certs with only a single level of trust cannot (more "should not") be trusted.

  • So, I think I got it and I did nothing wrong......

    How can I raise a bug?

    When I try to load the Let's Encrypt CA Cert to Objects - Identity - Certificate Authority it always fails.

    Digging deeper into the logs I found following:

    790 2015-12-04 19:54:38.537 GMTSTATEMENT:  select substr(mergetext(caname || ','),0,length(mergetext(caname || ','))) from tblrootcainfo where companyid in (select caid from tblrootcadetail where rtrim(subject,chr(10))='/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1') and caname || '.pem' != 'AAAA_LetsEncryptAuthX1.pem';

    21530 2015-12-04 19:54:38.577 GMTERROR:  syntax error at or near "s" at character 53

    21530 2015-12-04 19:54:38.577 GMTSTATEMENT:  insert into tblrootcadetail values(240,'/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1')

    21530 2015-12-04 19:54:38.581 GMTERROR:  current transaction is aborted, commands ignored until end of transaction block

    For me it looks like a classical quoting error of the hyphen....

    Regards Roman
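The log lines above show the classic shape of this bug: the certificate subject is concatenated straight into the SQL text, so the apostrophe in "Let's Encrypt" terminates the string literal and the remaining characters are parsed as SQL. The following example is added here to illustrate that failure and the parameterised fix; it is not Sophos code and uses an in-memory SQLite table with a constructed two-column schema standing in for tblrootcadetail.

```python
import sqlite3

# Subject DN exactly as it appears in the failing statement in the log above.
LETSENCRYPT_SUBJECT = "/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1"


def make_db():
    """In-memory stand-in for tblrootcadetail (constructed schema, not the real one)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table tblrootcadetail (caid integer, subject text)")
    return conn


def insert_ca_unsafe(conn, caid, subject):
    """Builds the statement by string concatenation, the pattern the log suggests.

    Returns the database error message, or None if the insert succeeded.
    """
    sql = "insert into tblrootcadetail values(%d,'%s')" % (caid, subject)
    try:
        conn.execute(sql)
        conn.commit()
        return None
    except sqlite3.OperationalError as exc:
        # A quote inside the data has changed the statement itself.
        conn.rollback()
        return str(exc)


def insert_ca_safe(conn, caid, subject):
    """Parameterised version: the subject travels as a bound value, so
    quotes in it are stored literally and never reach the SQL parser."""
    conn.execute("insert into tblrootcadetail values(?, ?)", (caid, subject))
    conn.commit()


def stored_subject(conn, caid):
    """Read back the subject for a CA id, or None if no row was stored."""
    row = conn.execute(
        "select subject from tblrootcadetail where caid = ?", (caid,)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    conn = make_db()
    print("unsafe:", insert_ca_unsafe(conn, 240, LETSENCRYPT_SUBJECT))
    insert_ca_safe(conn, 240, LETSENCRYPT_SUBJECT)
    print("safe:  ", stored_subject(conn, 240))
```

Run stand-alone, the unsafe path reports a syntax error near "s" just like the PostgreSQL log, while the parameterised insert stores the subject unchanged.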

  • Hi,

    I can confirm this bug. How do we get attention from Sophos to get this fixed?

    Regards
    Ingo

  • Thank you for your feedback. We will look into it, and it may get fixed in upcoming releases of XG.

    Regards,

    Vivek