New Proxy Authority Certificate doesn't work
currently have the problem that when I generate a CSR for a new Proxy Authority Certificate and have it countersigned by our internal PKI, I get an error message when importing the certificate that the Root CA is required. But this is already imported.
I do not know where this error is currently located.
0
Sign In to comment.
Answers
Hi @Daniel_P30
The firewall likely doesn't trust the chain. Try importing the root cert from your CA as "webserver/other" and then any intermediaries (if they exist) as "webserver/other"
The firewall only looks there to build the chain for imported certs.
If you still can't get it to install, I'd suggest opening a case so that support can look at it with you.
-James Carson
WatchGuard Customer Support
Hi @James_Carson
Thanks for your answer. But very strange ist when I try to import the Proxy Authority Ca over the WEB GUI or Systemanager I always the prolem when I am sekd to import the CA root that this fild is empot again afoter importing the CA root. How can this be?
Hi @Daniel_P30
The firewall won't trust the cert by default unless the root (and any intermediary/leaf cert) in the chain are installed. You should only need to install them once, but resetting the firewall to factory defaults may be erasing them if you did that at any point.
-James Carson
WatchGuard Customer Support
Hi @James_Carson,
I have fixed that problem with the following steps.
From a Windows machineopened the certificate that you were planning to import on the Firebox
On the window that appears we've clicked on "Certiface Path".
On the "Certificate Path" tab we've clicked on the First certificate of the tree and we clicked on "View Certificate"
On the new window that appears used the button "Copy on file" in order to export this certificate as BASE64.