Messages

Oh, very good to know! Thanks for the reply and context; I hadn't read deeper into the context except that initial post from LetsEncrypt.

My original question about being able to edit certificates in-place on OPNsense still stands, though.

We already automate our certificate rotation across our fleet using a wildcard certificate from LE, so we're poised well for that.
It would just be nice to have a way to quickly update a certificate's contents in OPNsense without leveraging the API.

Hello,

Sorry if this has already been discussed, but I couldn't find any topics on it.

Could the option to edit existing certificates/SSLs through the Web UI be enabled in future releases?

Background:

We use OPNsense at my workplace, and we manage many firewalls across our environment.

Our certificates are generated on a bastion host using letsencrypt, and we distribute the certificates to all of our firewalls from there.
Generating certificates using letsencrypt is not an option for us due to the sheer number of hosts that must have certificates generated.

We then use the api/trust/cert controller's 'set' command to edit the certificate in-place for all OPNsense firewalls with the certificate.
This workflow works really well, but there are occasionally failures on a few firewalls here and there.

The problem we face is when editing a certificate in the Web UI, the "Manual" option is not made available; you're only allowed to create a CSR or reissue and replace.
Ideally, this would be an option for manually updating a certificate in-place without having to import a new certificate.

This topic will become more relevant in the coming years as the letsencrypt durations shorten and my organization shifts towards longer-lived purchased certificates.