Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 41 subscribers
  • Views 14118 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Bug: Portals and Certificates

Wintemrute

Hi All

Did someone manage to replace the certificate for the Admin-/User-/Captive-Portal?

What I tried so far:

  • Create cert via Letsencrypt.org and upload it to Objects - Identity - Certificate
  • Create a CSR via certificate menu and let it sign from Letencrypt.org
  • Create a selfsigned cert and uploaded it

I always got the same outcome:

Authority gets a red "x" (Manual doesn't help much there in explaining what it means) and under System - Administration - Settings - Admin Port Settings I can only choose the default ApplianceCertificate cert.

Has someone an idea what I'm doing wrong?

Thanks Roman



This thread was automatically locked due to age.
Parents
  • 0

    The Authority will come up with a red X because the Authority which generated the certificate has not been loaded into Objects > Identity > Certificate Authority. Now this is an amusing problem which I would be able to get you the bug tracking code from Sophos if the Astaro.org forums were fully functional wherein uploading a PKCS12 cert does not pull in the Root Authority Certificate into the Certificate Authority section from the certificate chain.

    If you upload the Root Authority Certificate used to self sign the certificate into that section and re-upload your cert, the authority should come up with a green tick.

    If your certificate only has one level of identity and technically signed itself, uploading the same certificate to both certificates and certificate authority may work.

    But there's a reason why you have a certificate chain where one certificate signs another because self signed certs with only a single level of trust cannot (more "should not") be trusted.

Reply
  • 0

    The Authority will come up with a red X because the Authority which generated the certificate has not been loaded into Objects > Identity > Certificate Authority. Now this is an amusing problem which I would be able to get you the bug tracking code from Sophos if the Astaro.org forums were fully functional wherein uploading a PKCS12 cert does not pull in the Root Authority Certificate into the Certificate Authority section from the certificate chain.

    If you upload the Root Authority Certificate used to self sign the certificate into that section and re-upload your cert, the authority should come up with a green tick.

    If your certificate only has one level of identity and technically signed itself, uploading the same certificate to both certificates and certificate authority may work.

    But there's a reason why you have a certificate chain where one certificate signs another because self signed certs with only a single level of trust cannot (more "should not") be trusted.

Children
No Data
Unfiltered HTML