i updated one of my test-utm from 9.6x to 9.7005.
After the update i cant manage certificates in "webserver protection / certificate management" or "Site 2 Site 'VPN / certificate management"
in log files:
Maybee this occurs only with many certificates on a system - i have aprox. 4000 certs there (for ssl-vpn users)
The Rest-api seems to work - have not tested deeper there until now.
anyone else with this problem?
What does Sophos Support say?
waiting for an answer from support ...
Would you please DM me the Support case number?
3 weeks later - no reaction from support until now ... :(
wenn Sie uns kontaktieren, können wir versuchen Sie bei den Problemen zu unterstützen.
I have the exact same problem.
Is there an solution/workaround?
I need to upload a new certificate and I'm not able to do it.
As a workaround, is it possible to upload a .pfx through terminal?
no solution or workaround from Sohos until now.
But there must be a way over the Rest-API from UTM.
If you have Support open a case @Sophos and refer to my case with nr. 9394118
@Sophos: can you post us the neccesary rest-requests against the api to upload a certificate as a workaround until a solution is available?
I had contact with Sophos last week - but no solution so until now ...
I remember having problems a year ago with downloading certificates because there were parentheses in the name: Modify a certificate at the command line so that it can be downloaded in WebAdmin in 9.510. Does that resolve your issue?
Cheers - Bob
Thanks for the hint Bob, but i think we have an other problem added with the new support for certifikate chains in 9.7.
Getting Certificates over the Rest-API is no problem.
But i have no idea how to upload a pkcs12 to utm this way. This would be a workaround until the certificate management tab in webadmin works again (if you have a lot of users)
Got on workaround:
If you have more than 755 the certificates tab is not working anymore. If you delete a user the coresponding certificate will be deleted too. I had to delete users till i got to 750 certificates.
From what I observed there is a TTL at 60 sec. If the certificates tab is needing more than 60 seconds then the process is dead.
So, I assume you have tot delete till you get under 60sec. for me that was 750 certificates.