FireCluster Certificate Unmatched

In the Web UI under System Status > FireCluster, there are green checkmarks, but on the File Object tab, the Certificate is listed as unmatched while everything else is matched. This setup is an active-passive cluster running version 12.11.4. What steps could resolve this issue?

Comments

  • edited September 23

    In case you are still trying to figure this out:

    1. Use the WatchGuard System Manager to connect to your FireCluster.
    2. In the Cluster (Active/Standby) section you should see the FireCluster members, the master and backup master devices. One at a time, right-click on the master and backup master device and select "Firebox System Manager".
    3. For each device - In the Firebox System Manager select View -> Certificates...
    4. You should be able to compare the certs here. Unless you imported any 3rd party certs, most everything should probably just be WatchGuard Trusted/Signed Certs.
    5. To update the certs so both versions are the same - Use the button at the bottom that says "Update Trusted CA certificates", then select "Download the latest versions of the Trusted CA certificates" and click OK. Note: I had no issues with this on one FireCluster, but on another I could not select the download option so I had to make the device that could not the master in the cluster (from the master - Tools -> Cluster -> Failover Master).
    6. You will probably get a prompt like "Your device can download new versions of the trusted CA certificates from Live Security Server and install the new certificates. Would you like to update now?" You may need to authenticate with an admin password to proceed. Repeat for both devices to make sure both are updated to the same, current versions.
    7. Repeat the update to make sure you have the most current version, but once both are updated you will likely get a message saying "The most recent versions of the trusted CA certificates are already installed on this device."
    8. You should be able to log back into the Web UI and look at the FireCluster status again and it should be showing as matched now.