Update an imported Certificate in place

Started by Remington, October 04, 2025, 10:29:12 PM

Hi,

there is a way to import external certificates and keys into OPNsense. Unfortunately those certificates can't be updated anymore, e.g. if the cert is going to expire.

The only way to work around it is to import the cert and key again and then assign this certificate to all services that should use it.

This is IMHO unnecessary overhead and I don't understand why OPNsense is enforcing this create and delete process. But happy to learn the rationale behind it.
I know there are several scripts out there which are automating this, but it is still overhead, and those scripts need access to the private key. And those scripts are not able to update the cert for all use cases, e.g. captive portal. Most scripts require admin credentials. All things that are not increasing security.

As we all know, CAs are going to reduce the lifetime of certificates to months for security reasons, so even imported certificates need to be replaced regularly.

As there are scripts out there, updating imported certs seems to be a common use case, so I think removing this limitation would be a nice improvement.

Thanks
   Thomas

Best create a feature request on GitHub if you want any developer attention to this matter.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)