Jump to content


Photo

Updating my device's certificate question??


  • Please log in to reply
5 replies to this topic

#1 Michael Manning

Michael Manning
  • Members
  • 193 posts
  • LocationOhio, USA

Posted 12 March 2018 - 09:19 AM

Good Morning all,

 

I really don't have to deal with certificates very often so while this may be obvious to some, I am stuck puzzling over it.

 

Here is the situation - I had to renew my 'Trusted' certificate for my email security gateway, no big deal. I downloaded the key and the chain bundle from the trusted CA and then uploaded them to the appliance. All that worked just fine, except now in the certificate table I see the one this is about to expire in a month AND the one that I just uploaded.

 

The one I just uploaded should be valid as of 3 days ago and doesn't expire for 2 years. Both show as in use, is that normal?

 

Will the one that is expiring in a month fall out of the table once it expires or what??

 

And when I run the digikey certificate validation test it still appears that the expiring cert is in use - normal?

 

Thank you



#2 Larry French

Larry French
  • Members
  • 5 posts

Posted 19 March 2018 - 03:07 PM

Remove the old one.



#3 Michael Manning

Michael Manning
  • Members
  • 193 posts
  • LocationOhio, USA

Posted 05 April 2018 - 12:01 PM

So, I can't see any way to remove the old one; can't select and remove, etc. And as I mentioned above, if I upload the new key and chain bundle I'll see both the old soon to expire listed as well as the new one.

 

But what I just noticed today is that apparently at some point the appliance flushed out the new cert so right no only the soon-to-expire one appears.



#4 Michael Manning

Michael Manning
  • Members
  • 193 posts
  • LocationOhio, USA

Posted 10 April 2018 - 02:56 PM

The old one has expired and we get a certificate error, so I uploaded the new one an still get a certificate error. When I click to remove unused certificate it removed the new one. I guess I'll see if tech support can manage to correct this.



#5 Michael Manning

Michael Manning
  • Members
  • 193 posts
  • LocationOhio, USA

Posted 01 May 2018 - 10:15 AM

Forgot to update this post. I opened a ticked and a tech had to go in and clear out the old certificate. He didn't clarify why it was stuck or why I had no option to remove it, but there it is. Once he removed it behind the scenes the new one became active.



#6 Michael Manning

Michael Manning
  • Members
  • 193 posts
  • LocationOhio, USA

Posted 07 December 2018 - 11:51 AM

So this issue came up again. We had a device failure and I had to set up the 'instant' replacement with the certificate. The device will not accept the certificate (standard SSL, same as what we used in the past). Shared a session with a tech on the phone and even he couldn't get it to accept the cert. Went to GoDaddy and rekeyed the certificate with a new CSR and even then it won't work. The tech is supposedly working on this remotely, but still not resolved. Any other users run into issues loading certificates?