Messages - Godfarva

#1
23.1 Legacy Series / Re: SSL/Webui Issue
February 21, 2023, 05:08:57 AM
Quote from: ProximusAl on February 20, 2023, 08:43:53 AM
I do this, and have done recently.

Make sure you use this:

openssl pkcs12 -in [yourfile.pfx] -out cert.pem -nodes

This ensures the private key is exported without the password.

Not sure if this is your problem, but using the above works perfectly for me with OPNsense.


Proximus,

Thanks a million. I guess exporting to crt isn't a good idea; however, your steps solved the problem.
I have also seen a new behavior that's kinda cool.
I imported the cert on gateway1 and did an ha-sync (re-sync all) and it even copied over the cert to gateway2 for me. That didn't use to work in the past; I always had to import manually.
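
Added example, not part of the original posts: a shell check for the PEM file written by the openssl pkcs12 command quoted above, reporting whether the private key in it was exported without a password, as -nodes intends, and whether a certificate is present. The function names and sample files are assumptions made for illustration; the sample bodies are constructed placeholders, not real key material.

```shell
#!/bin/sh
# Added example: classify a PEM file before importing it as a web GUI certificate.
# Prints one of: ok | encrypted-key | no-key | no-cert | missing
pem_import_check() {
    pem=$1
    [ -r "$pem" ] || { echo missing; return 2; }
    # PKCS#8 encrypted keys carry their own PEM label.
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$pem"; then
        echo encrypted-key; return 1
    fi
    # Traditional RSA/EC encrypted keys keep the plain label but add this header.
    if grep -q -e '^Proc-Type: 4,ENCRYPTED' "$pem"; then
        echo encrypted-key; return 1
    fi
    # Unencrypted labels: PRIVATE KEY, RSA PRIVATE KEY, EC PRIVATE KEY.
    if ! grep -Eq -e '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$pem"; then
        echo no-key; return 1
    fi
    if ! grep -q -e '^-----BEGIN CERTIFICATE-----' "$pem"; then
        echo no-cert; return 1
    fi
    echo ok
}

# Constructed sample files; the base64 body is a placeholder, not a key.
write_samples() {
    d=$1; body='Q09OU1RSVUNURUQ='
    printf '%s\n' '-----BEGIN CERTIFICATE-----' "$body" '-----END CERTIFICATE-----' > "$d/certonly.pem"
    { printf '%s\n' 'Bag Attributes' '-----BEGIN PRIVATE KEY-----' "$body" '-----END PRIVATE KEY-----'
      cat "$d/certonly.pem"; } > "$d/nodes.pem"
    { printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$body" '-----END ENCRYPTED PRIVATE KEY-----'
      cat "$d/certonly.pem"; } > "$d/withpass.pem"
    { printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,00' '' "$body" '-----END RSA PRIVATE KEY-----'
      cat "$d/certonly.pem"; } > "$d/legacy.pem"
}

# Demo run over the constructed samples.
tmp=$(mktemp -d)
write_samples "$tmp"
for f in nodes withpass legacy certonly; do
    printf '%s.pem: %s\n' "$f" "$(pem_import_check "$tmp/$f.pem")"
done
rm -rf "$tmp"
```
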
#2
23.1 Legacy Series / SSL/Webui Issue
February 20, 2023, 05:07:11 AM
Hello all,

So I have found an issue and am not sure how to proceed.
Every year I update my SSL cert on my HA cluster and no issues until this time around.
I create the CSR on Windows IIS and then complete the process on Namecheap. Once I complete the CSR, I then export the data with private key to a pfx file (using openssl I break them out to key and crt) and then import to OPNsense. (I have other applications that use the pfx without issue.)

The problem I am having is once I add the cert into OPNsense and select that cert for the web interface it becomes unresponsive. I have tried to reboot the node and the only way I can revive it is to restore a backup.

I am able to ping the IP and VIP of the firewall that this cert is bound to but not able to see the webpage.
I see no errors pop up in the console, but beyond that I do not know where else to look.
Even if I restart all services from the console, it still does not load, and if there is an error while reloading the services I don't catch it since it scrolls so fast.

Any advice or process to figure this issue out?

OPNsense 23.1.1_2-amd64
FreeBSD 13.1-RELEASE-p6
OpenSSL 1.1.1t 7 Feb 2023