Errors trying to regenerate certificates (Heartbleed mitigation)

Hi all,

My home UTM is throwing an error when I try to regenerate certificates and the signing CA under Remote Access->Certificate Management->Advanced:

The Confd reported an error without providing any details. 


Any ideas? FWIW, I was able to reset my WebAdmin cert without any trouble.


This thread was automatically locked due to age.
  • While an old thread, I ran into this yesterday...

    I experienced the error when I re-did my CA - certificate chain of trust and I removed the old CA, imported the new one, and began removing the old certificates from that CA for users, WebAdmin, etc.  Upon trying to import the newly issued certs, I received the error.

    I'm not sure of the exact cause, but restoring the configuration backup from the previous night fixed the issue.  Random issues like this are why I have it set to take configuration backups daily, as it makes things so much simpler to fix when something starts acting wonky.

    As an FYI for anyone else running into the issue:

    • I do not recommend creating certificates on Sophos, due to the lack of customization to the openssl.cnf and the fact Sophos creates certificates and CAs I don't find secure.  

    • I recommend utilizing openssl on a PC running Windows or a *nix distro, and here is a pre-built openssl config that includes the relevant commands required at the bottom of the config