Jump to content


Photo

Updating my device's certificate question??


  • Please log in to reply
6 replies to this topic

#1 Michael Manning

Michael Manning
  • Members
  • 196 posts
  • LocationOhio, USA

Posted 12 March 2018 - 09:19 AM

Good Morning all,

 

I really don't have to deal with certificates very often so while this may be obvious to some, I am stuck puzzling over it.

 

Here is the situation - I had to renew my 'Trusted' certificate for my email security gateway, no big deal. I downloaded the key and the chain bundle from the trusted CA and then uploaded them to the appliance. All that worked just fine, except now in the certificate table I see the one this is about to expire in a month AND the one that I just uploaded.

 

The one I just uploaded should be valid as of 3 days ago and doesn't expire for 2 years. Both show as in use, is that normal?

 

Will the one that is expiring in a month fall out of the table once it expires or what??

 

And when I run the digikey certificate validation test it still appears that the expiring cert is in use - normal?

 

Thank you



#2 Larry French

Larry French
  • Members
  • 5 posts

Posted 19 March 2018 - 03:07 PM

Remove the old one.



#3 Michael Manning

Michael Manning
  • Members
  • 196 posts
  • LocationOhio, USA

Posted 05 April 2018 - 12:01 PM

So, I can't see any way to remove the old one; can't select and remove, etc. And as I mentioned above, if I upload the new key and chain bundle I'll see both the old soon to expire listed as well as the new one.

 

But what I just noticed today is that apparently at some point the appliance flushed out the new cert so right no only the soon-to-expire one appears.



#4 Michael Manning

Michael Manning
  • Members
  • 196 posts
  • LocationOhio, USA

Posted 10 April 2018 - 02:56 PM

The old one has expired and we get a certificate error, so I uploaded the new one an still get a certificate error. When I click to remove unused certificate it removed the new one. I guess I'll see if tech support can manage to correct this.



#5 Michael Manning

Michael Manning
  • Members
  • 196 posts
  • LocationOhio, USA

Posted 01 May 2018 - 10:15 AM

Forgot to update this post. I opened a ticked and a tech had to go in and clear out the old certificate. He didn't clarify why it was stuck or why I had no option to remove it, but there it is. Once he removed it behind the scenes the new one became active.



#6 Michael Manning

Michael Manning
  • Members
  • 196 posts
  • LocationOhio, USA

Posted 07 December 2018 - 11:51 AM

So this issue came up again. We had a device failure and I had to set up the 'instant' replacement with the certificate. The device will not accept the certificate (standard SSL, same as what we used in the past). Shared a session with a tech on the phone and even he couldn't get it to accept the cert. Went to GoDaddy and rekeyed the certificate with a new CSR and even then it won't work. The tech is supposedly working on this remotely, but still not resolved. Any other users run into issues loading certificates?



#7 Michael Manning

Michael Manning
  • Members
  • 196 posts
  • LocationOhio, USA

Posted 17 December 2018 - 03:25 PM

We finally have this resolved on the new device. I'm not really sure what the issue is, but when I attempt to upload a certificate from GoDaddy onto the system it never seems to fully apply it. Tried the bundle for apache and for tomcat with no luck. The tech had to do manually combine the file with the private key information to get it to work. 

 

The thing is, this wasn't a problem previously. Not sure if something changed with a system version update or how GoDaddy configure their certs but it sure is frustrating whatever it is.