Unable to regenerate X509 cert because the CA being used is expired and I cannot delete

So we are going to be wanting to use SSL VPN on our UTM, but I'm having issues getting it to work.  Looks as though all the X509 certs are expired and I cannot regenerate.  So I tried to create a new one, but once a new one is created, it is set as expired.

After further investigation, I'm seeing that the CA being used is expired, and it looks to be a private CERT which I cannot seem to do anything with.  I cannot delete it because it says it is being used by just about everything.

Does anyone know a way to get this removed without having to reset my entire firewall?  Thank you.



  • Hi  

    It looks like you are not using the default Sophos generated "VPN Signing CA" which normally is valid until "Jan 1 00:00:00: 2038 GMT" like your "Remote Ethernet Device CA".

    If you have that one still in place, you could change the services under "01)" to use that one. But be aware: after that, I think you have to regenerate all the user certificates.


    Sophos Gold Partner
    4TISO GmbH, Germany
    If a post solves your question click the 'Verify Answer' link.
  • How do I go about changing those services under '01'?   I don't have any user vpn certs right now, so I want to make that change for any new Certs being created.  Currently, new certs are coming out expired.

    -Joe

  • Make a full backup just in case.

    Change those 3 locations to the original "VPN Signing CA"

    1. Site-to-Site VPN -> SSL -> Advanced

    2. Site-to-Site VPN -> IPsec -> Advanced

    3. Remote Access -> L2TP over IPsec -> Global (no screenshot available)

    If this is not used, enable it, change to preshared key, and disable it.


    Sophos Gold Partner
    4TISO GmbH, Germany
    If a post solves your question click the 'Verify Answer' link.