"Pending" Web Client cn=WatchGuard Firebox cert

I first noticed during a recent beta that my T35 had a "cn=WatchGuard Firebox" with type of "Web Client" that always showed "Pending" status, even after a reboot. All of my clients' T35 boxes show the same thing.

There is also a "WatchGuard Firebox" with type of "CA Client" that shows Signed status.

I ended up deleting it, expecting it to recreate at the next reboot, which it did not do.

What is the function of the "cn=WatchGuard Firebox" with type of "Web Client" cert, and is it safe to delete it, because it is always stuck at Pending?

Gregg Hill

Comments

  • RalphRalph WatchGuard Representative

    Hello Greg,

    The certificate is used for registration with Cloud. It is created at the registration time.

    There should be two certs created atm. One with a Pending status and one with Signed status. You can ignore/delete the pending one. It's a defect that's corrected on the next major release.

  • Thank you, Ralph. I was wondering why that little bugger showed up all of a sudden! I will delete the Pending one on my clients' boxes. I did that on mine during the beta and saw no issues. I had forgotten about it until today when I was looking at certificates and saw a bunch of Expired ones.

    Maybe I should start a new thread for this, but speaking of the expired ones, when I delete them and then do the check to update trusted CA certs, it says it's current, but the ones that were expired do not get replaced. Shouldn't it replace the expired ones with their current versions?

    Expired 2020-05-22 14:46 Trusted CA for Proxies RSA c=GB st=Greater Manchester l=Salford o=COMODO CA Limited cn=COMODO RSA Certification Authority
    Expired 2020-05-22 14:46 Trusted CA for Proxies RSA c=GB st=Greater Manchester l=Salford o=Comodo CA Limited cn=PositiveSSL CA
    Expired 2020-05-22 14:46 Trusted CA for Proxies RSA c=US o=Equifax Secure Inc. cn=Equifax Secure eBusiness CA-1
    Expired 2020-05-22 14:46 Trusted CA for Proxies RSA c=SE o=AddTrust AB ou=AddTrust TTP Network cn=AddTrust Class 1 CA Root
    Expired 2020-05-22 14:46 Trusted CA for Proxies RSA c=US o=Equifax Secure Inc. cn=Equifax Secure Global eBusiness CA-1
    Expired 2020-05-22 14:46 Trusted CA for Proxies RSA c=SI o=Halcom cn=Halcom CA FO
    Expired 2020-05-22 14:46 Trusted CA for Proxies RSA c=SE o=AddTrust AB ou=AddTrust TTP Network cn=AddTrust Qualified CA Root
    Expired 2020-05-22 14:46 Trusted CA for Proxies RSA c=GB st=Greater Manchester l=Salford o=COMODO CA Limited cn=COMODO High-Assurance Secure Server CA
    Expired 2020-05-22 14:46 Trusted CA for Proxies RSA c=SE o=AddTrust AB ou=AddTrust TTP Network cn=AddTrust Public CA Root
    Expired 2020-05-22 14:46 Trusted CA for Proxies RSA c=GB st=Greater Manchester l=Salford o=COMODO CA Limited cn=COMODO Extended Validation Secure Server CA
    Expired 2020-05-22 14:46 Trusted CA for Proxies RSA c=FR o=KEYNECTIS ou=ROOT cn=KEYNECTIS ROOT CA
    Expired 2020-05-22 14:46 Trusted CA for Proxies RSA c=US o=U.S. Government ou=DoD cn=DoD CLASS 3 Root CA
    Expired 2020-05-22 14:46 Trusted CA for Proxies RSA c=SE o=AddTrust AB ou=AddTrust External TTP Network cn=AddTrust External CA Root

    The "next major release" comment has my attention! Perhaps I should check the beta site again.

    Gregg Hill

Sign In to comment.