certd Certificate is expired
V12.6.2 U3 T20w
I'm getting the following regularly - 16 times in 30 mins.
What are we supposed to do about it???
2020-10-26 21:11:07 certd Certificate (subject=c=FR,st=France,l=Paris,o=PM/SGDN,ou=DCSSI,cn=IGC/A,email=igca@sgdn.pm.gouv.fr) is expired. msg_id="4001-0004" Event
Yep.. I am seeing these in Dimension every 2-3 minutes, while a PC is logged in and surfing the net.. When the PC is shut down - the log entries do not appear..
Adrian from Australia
UPDATE: I lodged a low priority case to look into this one.. It is only on the T40 not on the other boxes..
Adrian from Australia
Not the correct answer from support since I have a T20, not a T40.
Bruce, where are you seeing those messages? I don't see them in FSM traffic monitor. I have not been logging to Dimension for a long time.
Gregg Hill
FSM Traffic Monitor
The T20 & T40 do share the same XTM version download.
OK. I don't see those on my T20-W running 12.6.2 U3. I just enabled logging to Dimension on it.
Gregg Hill
I got one so far in Dimension.
FWStatus
Certificate (subject:c:FR
st:France
l:Paris
o:PM/SGDN
ou:DCSSI
cn:IGC/A
email:igca@sgdn.pm.gouv.fr) is expired.
pri=6
proc_id=certd
msg_id=4001-0004
Gregg Hill
I should have read my answer better. It is not on any of my other boxes (T70 and T15) - only my T40.. Support apparently have not seen the problem before.. I have a few questions to answer for them.. I will update with the results..
Adrian from Australia
The certificate is on the Firebox...
Expired 2020-10-27 08:43 Trusted CA for Proxies RSA c=FR st=France l=Paris o=PM/SGDN ou=DCSSI cn=IGC/A email=igca@sgdn.pm.gouv.fr
If you delete it and reboot the Firebox, it is gone forever.. That will solve the problem tactically, but begs the question of why did WatchGuard put it there in the first place?
Interestingly, the certificate is also on my T70 and it seems to have expired on Oct 17 and is showing as expired on my Firebox, but there are no log messages like there are on the T40.. Bug?
T70's certificate:
Subject name c=FR st=France l=Paris o=PM/SGDN ou=DCSSI cn=IGC/A
Subject alt name
Imported/Created Tue Oct 27 2020 09:22:28 GMT+1000 (Australian Eastern Standard Time)
Issuer c=FR st=France l=Paris o=PM/SGDN ou=DCSSI cn=IGC/A
Valid from Dec 13 14:29:00 2002 GMT
Valid to Oct 17 14:29:00 2020 GMT
Algorithm RSA
Key length 2048
Key usage Signature
Extended key usage CA Cert
Fingerprint 60:D6:89:74:B5:C2:65:9E:8A:0F:C1:88:7C:88:D2:46:69:1B:18:2C
At this stage there are no other messages related to the certificate on the T40 (e.g. missing certificate)..
Adrian from Australia
Another "feature" of V12.6.2
I just deleted it from mine. I have not upgraded my T35 yet to 12.5.5 whatever. I'll do that and check before and after for that cert.
Gregg Hill
We got a result of sorts from Support. The T20/T40 is working normally in that it informed us of an expired certificate. It seems that the other boxes have a "bug", because they did not report an expired certificate. However, I need to lodge a case for the other boxes so that the "bug" can be captured.
As an aside, I was also informed that the certificate must have been imported by me. I explained that the T15 is a test lab box and is factory reset every time we do a beta test (i.e. we do not import any configurations on to this box) - so the certificate must have come with the box.. Why on earth would an Australian import what looks like a French Government CA certificate on all their Fireboxes? The WatchGuard support guys are really good, but some days it can be hard going getting the message across to them..
Adrian from Australia
I did not import this cert.
Support is still a little confused.
It absolutely is NOT a self-imported cert. I know that I didn't do it on my T20-W.
Gregg Hill
I just connected my T35 running 12.5.5 build 672719.
These are its expired certs:
Expired 2020-08-20 14:07 Trusted CA for Proxies RSA c=FR st=France l=Paris o=PM/SGDN ou=DCSSI cn=IGC/A
Expired 2020-03-21 17:48 CA Cert RSA c=US st=New Jersey l=Jersey City o=The USERTRUST Network cn=USERTrust RSA Certification Authority
Expired 2020-03-21 17:48 CA Cert RSA c=SE o=AddTrust AB ou=AddTrust External TTP Network cn=AddTrust External CA Root
I am going to upgrade to 12.5.5 U1 to see if it is any different.
Gregg Hill
Now on 12.5.5 U1:
Expired 2020-11-02 15:49 Trusted CA for Proxies RSA c=FR st=France l=Paris o=PM/SGDN ou=DCSSI cn=IGC/A
Expired 2020-03-21 17:48 CA Cert RSA c=US st=New Jersey l=Jersey City o=The USERTRUST Network cn=USERTrust RSA Certification Authority
Expired 2020-03-21 17:48 CA Cert RSA c=SE o=AddTrust AB ou=AddTrust External TTP Network cn=AddTrust External CA Root
I am going to delete all of the expired certs.
Gregg Hill
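For triaging how often each expired certificate is being reported, here is an added example (not part of any post in this thread, and not WatchGuard code) that groups certd `msg_id="4001-0004"` lines by certificate subject. It assumes the line layout of the log message quoted in the first post and that subject values contain no commas; the sample input is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Subject exactly as it appears in the log line quoted in the thread.
IGCA = "c=FR,st=France,l=Paris,o=PM/SGDN,ou=DCSSI,cn=IGC/A,email=igca@sgdn.pm.gouv.fr"
# Constructed sample input: the later timestamps, the second subject and the
# unrelated line are made up for illustration.
SAMPLE_LOG = "\n".join([
    f'2020-10-26 21:11:07 certd Certificate (subject={IGCA}) is expired. msg_id="4001-0004" Event',
    '2020-10-26 21:12:30 otherproc unrelated constructed line',
    f'2020-10-26 21:13:02 certd Certificate (subject={IGCA}) is expired. msg_id="4001-0004" Event',
    '2020-10-26 21:20:41 certd Certificate (subject=c=US,o=Example Org,cn=Example Test CA)'
    ' is expired. msg_id="4001-0004" Event',
    f'2020-10-26 21:41:07 certd Certificate (subject={IGCA}) is expired. msg_id="4001-0004" Event',
])

LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) certd Certificate '
    r'\(subject=(?P<subject>.+)\) is expired\. msg_id="4001-0004"')

def parse_subject(dn):
    """Split 'c=FR,st=France,...' into a dict (assumes no commas inside values)."""
    return dict(part.split("=", 1) for part in dn.split(","))

def summarize(log_text):
    """Return one record per expired-certificate subject, noisiest first."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines from other processes or other msg_ids are skipped
            seen[m["subject"]].append(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"))
    report = []
    for subject, stamps in seen.items():
        stamps.sort()
        fields = parse_subject(subject)
        report.append({
            "cn": fields.get("cn"),
            "org": fields.get("o"),
            "count": len(stamps),
            "first": stamps[0],
            "last": stamps[-1],
            "span_min": (stamps[-1] - stamps[0]).total_seconds() / 60,
        })
    return sorted(report, key=lambda r: -r["count"])

if __name__ == "__main__":
    for rec in summarize(SAMPLE_LOG):
        print(f'{rec["count"]:>3}x over {rec["span_min"]:.0f} min  cn={rec["cn"]}  o={rec["org"]}')
```

The subjects it reports can then be compared against the certificates the Firebox lists as expired before deciding which ones to delete.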