
Author Topic: Certificate renewal  (Read 3410 times)

XeroX

Certificate renewal
« on: September 25, 2021, 03:24:50 pm »
Hello,
is there any way to renew certificates that have been issued?

I use this as "light" CA, as other systems are too complicated.

Cheers
« Last Edit: September 25, 2021, 03:27:33 pm by XeroX »

bartjsmit

Re: Certificate renewal
« Reply #1 on: September 25, 2021, 11:21:02 pm »
You can create a certificate signing request from an existing certificate:

openssl x509 -x509toreq -in old.crt -signkey private.key -out new.csr

Then sign this with System, Trust, Certificates, click + and select 'Sign a Certificate Signing Request'

Bart...
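
The two steps from the reply above as one script, with a check that the re-signed certificate keeps the old public key and chains to the CA. This is an added example, not part of the original post or OPNsense's own code; the throwaway CA, the `web.example.test` certificate, the helper function names, and the `openssl x509 -req` call standing in for the GUI signing step are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example: every file below is constructed test data in a temp dir.
set -eu

# SHA-256 of the public key inside a certificate ($1=x509) or a CSR ($1=req).
pubkey_hash() {
  openssl "$1" -in "$2" -noout -pubkey |
    openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Step 1 from the thread: turn the existing certificate into a CSR.
# By default the CSR carries subject and key only; extensions such as
# SAN or keyUsage have to be set again when the CSR is signed.
csr_from_cert() {  # $1=old.crt $2=private.key $3=new.csr
  openssl x509 -x509toreq -in "$1" -signkey "$2" -out "$3"
}

# Renewal check: same key as the old certificate, and it chains to the CA.
renewal_ok() {  # $1=old.crt $2=new.crt $3=ca.crt
  [ "$(pubkey_hash x509 "$1")" = "$(pubkey_hash x509 "$2")" ] &&
    openssl verify -CAfile "$3" "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
cat > "$work/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Signing CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
EOF
# Constructed CA and short-lived "old" certificate (stand-ins for exported files).
openssl req -x509 -config "$work/demo.cnf" -newkey rsa:2048 -nodes \
  -keyout "$work/ca.key" -out "$work/ca.crt" -days 30 2>/dev/null
openssl req -new -config "$work/demo.cnf" -subj "/CN=web.example.test" \
  -newkey rsa:2048 -nodes -keyout "$work/private.key" -out "$work/first.csr" 2>/dev/null
openssl x509 -req -in "$work/first.csr" -CA "$work/ca.crt" -CAkey "$work/ca.key" \
  -CAcreateserial -days 1 -out "$work/old.crt" 2>/dev/null

csr_from_cert "$work/old.crt" "$work/private.key" "$work/new.csr" 2>/dev/null
# Stand-in for the GUI "Sign a Certificate Signing Request" step.
openssl x509 -req -in "$work/new.csr" -CA "$work/ca.crt" -CAkey "$work/ca.key" \
  -CAcreateserial -days 365 -out "$work/new.crt" 2>/dev/null
renewal_ok "$work/old.crt" "$work/new.crt" "$work/ca.crt" && echo "renewal OK"
```

With real files, only `csr_from_cert` and `renewal_ok` are needed: export the old certificate and key, build the CSR, sign it in the GUI, then run the check against the downloaded result.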

XeroX

Re: Certificate renewal
« Reply #2 on: October 06, 2021, 03:41:24 pm »
I've to dig this up again. This feels uncomfortable when the private key was generated by opnsense and I don't know where the certificates are on the FS.

Thanks for the tip bartjsmit, but this doesn't work with a SubCA.


Is there a way to renew a certificate previously signed within OPNSense via CLI?

Fright

Re: Certificate renewal
« Reply #3 on: October 06, 2021, 07:11:27 pm »
hi
Could you describe in more detail the initial data and the final goal?

XeroX

Re: Certificate renewal
« Reply #4 on: October 09, 2021, 12:00:54 pm »
I do have the following certificates issued by OPNSense.

CA
|_ Inspection CA -> SSL Inspection Web Proxy
|_ Signing CA
   |_ Several Certificates for Web Servers

Now some certificates for webservers are expired and the inspection CA is expired. How to get these resigned with the same private key or if only possible to resign without private key?

I thought there is a better way than deleting and issue again.


Fright

Re: Certificate renewal
« Reply #5 on: October 09, 2021, 12:33:36 pm »
ah
you can try to export "old" certs .crt and .key files from System: Trust: Authorities (for CA cert) or System: Trust: Certificates (for server's certs).
then do what @bartjsmit advised.
what didn't work for CA?
did you specify the keyUsage?

XeroX

Re: Certificate renewal
« Reply #6 on: October 09, 2021, 03:08:22 pm »
Quote from: Fright on October 09, 2021, 12:33:36 pm
ah
you can try to export "old" certs .crt and .key files from System: Trust: Authorities (for CA cert) or System: Trust: Certificates (for server's certs).
then do what @bartjsmit advised.
what didn't work for CA?
did you specify the keyUsage?

Thank you. No, everything works with the CA, however I thought a simple renew button would have been nice as long as the private keys are managed by OPNSense.


Fright

Re: Certificate renewal
« Reply #7 on: October 09, 2021, 04:01:20 pm »
sorry, didn't guess that this is a hint of adding a new feature  :D

XeroX

Re: Certificate renewal
« Reply #8 on: October 09, 2021, 05:13:49 pm »
Quote from: Fright on October 09, 2021, 04:01:20 pm
sorry, didn't guess that this is a hint of adding a new feature  :D

Kind of. Actually the question was more like "am I blind", "is there an easy way" or "can I achieve this via cmdline" to renew certificates.

However thanks for help!