Feature #16561
closed
Please offically support this PHP script for installing SSL Keys & Certs
0%
Description
As you are no doubt aware, the Browser Consortium is cutting down the allowable lifetime for certificates. The current maximum lifetime is 398 days. By March 15, 2026 is will be down to 200 days, reducing in 2027 and 2029 until the allowable lifetime is only 47 days! Not going to debate the wisdom of this here. What this means for those of us maintaining keys and certificates for SSL (and VPN and...) is that we will need to post resigned certs every 46 days (to avoid expiring during the last day). I maintain my SG-5100 for strictly inside use, so cannot rely on Lets Encrypt and the ACME package; no outside Domain that can respond.
I am automating the signing process, and in my research came across pfsense-import-certificate.php -- see the GIT repository at https://github.com/sabey/pfsense-import-certificate/blob/master/pfsense-import-certificate.php). I have not yet tested it on my 5100, but once I get it working it would be AWESOME if Netgate would make it an official part of the build (or an add-in), keeping it working as pfSense evolves.
I am attaching a copy of the script to this request.
Thanks!Files
Updated by Jim Pingle 3 days ago
- Status changed from New to Rejected
That certificate import script uses outdated methods of configuration manipulation. Rather than supporting an external script to handle that sort of thing, there could potentially be an auto-renewal within the GUI/backend, but that's a much different feature request.
Updated by Dennis Adler 1 day ago
Ok, fair enough. Feature Request #16568 has been created.