OPNsense Forum
English Forums => General Discussion => Topic started by: mhaluska on August 06, 2018, 06:17:55 pm
-
Hi,
I would like to migrate to OPNsense (because past mistake = pfSense).
Anyway, almost everything should be simple, but I've no idea how to migrate existing acme certificates.
If you have some experience, hints are welcome ;-)
Thanks
Marek
-
Hi Marek,
I may be wrong, but at least for us the certificates are simply imported into the certificate section of the firewall to be used for the services running like web GUI, HAProxy, etc...
How have you distributed your certificates up until now? Do you need to push it to different locations or orchestrate via e.g. HAProxy where you can leave all certificates on the system and server them for external access directly.
Cheers,
Franco
-
Hi Franco,
thanks for reply.
I'm using acme certs for web GUI and also HAproxy. Certificates are stored in pfSense certificate "storage". Then for service I'll just add cert from this storage.
I'm just thinking if I need to use some proper naming to import certs to have acme on OPNsense working with those existing certs.
Marek
-
I'm just thinking if I need to use some proper naming to import certs to have acme on OPNsense working with those existing certs.
The acme plugin does not support importing existing LE accounts, private keys and certificates.
Instead, just create them from scratch.
That being said, it is possible to import existing certificates (but they won't be automatically renewed): System -> Trust -> Certificates. Use this to import your old certificates until you got the OPNsense acme plugin working for you.
Regards
- Frank
-
Thanks Frank, this is I think best way.
Marek