FB webserver cert - Why is the imported certificate not shown in the 3rd party certificates list?
Hello,
I'm not able to choose my imported wildcard certificate for the Firebox Web Server (Access Portal).
I've imported the .pfx file and three freshly imported certificates were shown in the certificate list (System Manager). CA-CA2-mywildcard. The type of the CA certificates is recognized as 'CA Cert', my wildcard certificate is recognized as 'Web Server' (also one of the default certificates (cn=ike2muvpn Server) is listed as 'Web Server'). For other purposes I've another certificate imported on that Firebox, cn=myExternalIP and type = 'IPSec / Web'. I'm able to select both of them as 3rd party certificate (Policy Manager), why isn't my wildcard certificate shown?
Firebox M570 Version 12.5.3
System Manager v12.6.3
Policy Manager v12.6.3
Thanks and stay healthy, folks
Answers
If you've opened policy manager before you imported your cert, it hasn't loaded the config with the cert there. Try closing policy manager and re-opening it.
If that's not helping, I'd suggest opening a support case so we can take a look at it with you. Any logs or screenshots are going to have the cert name in it, so I would suggest avoiding posting those here.
-James Carson
WatchGuard Customer Support
Hi @SameAsBefore
I removed it because this is not the correct way to refresh the config. This will cause other problems.
If you're running a fully managed firewall, you'll need to close policy manager, and refresh the config (make the firewall call home and update itself with the management server.) Going back and forth between full/basic is completely removing your config history among other things to accomplish the same task.
-James Carson
WatchGuard Customer Support
So, I did this many times, closing policy manager and FSM, updating device 3-5 times, and the Web signed CA cert never showed in Policy manager, on 12.10.4. The Last Download showed the current date and time, Status Complete, each time, but no change in Policy manager when checking back.
Went into the WebUI and the cert showed up just fine under web.
Went into Basic Managed mode and back to Fully managed mode once and the cert appeared in Policy manager as well.
Did not lose Configuration history, it's all intact.
Hi @Alex_D
It's potentially possible for the config to persist provided garbage collection hasn't run on the management server -- If it worked for you in that instance, I wouldn't suggest relying on your config history to persist in the future.
-James Carson
WatchGuard Customer Support