Project

General

Profile

Feature #3697

New backup/restore area: Certificates

Added by Dmitriy K about 3 years ago. Updated 5 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Backup/restore
Target version:
Start date:
06/06/2014
Due date:
% Done:

0%


Description

It would be nice if we could backup / restore all certificates only.

History

#1 Updated by Jim Pingle about 3 years ago

  • Target version changed from 2.2 to Future

#2 Updated by Chris Buechler over 1 year ago

  • Subject changed from New area: Certifcates to New backup/restore area: Certificates

#3 Updated by Kill Bill 5 months ago

Dmitriy K wrote:

It would be nice if we could backup / restore all certificates only.

I don't think so. Imagine you have a bunch of certificates used for:
- webGUI
- OpenVPN
- IPsec
- bunch of different packages (Squid, haproxy, FreeRADIUS ...)
- local users
- ...

Now, you import some certificates backup not matching your current configuration (why'd you be importing it otherwise), and all of the above breaks.

Coding something like this frankly sounds like a nightmare.

#4 Updated by Dmitriy K 5 months ago

OPNsense implemented it and it works like a charm. Few days ago I was prepping a replacement box and I though I would die copy-pasting never ending certificates.

Honestly, I don't understand you. There are CAs and Certs ... it very easy to read them from xml. Who cares about previous cert assignation? Just import "as is". I will assign them as I want. That's all.

#5 Updated by Kill Bill 5 months ago

Ah yeah, blindly replacing a config section is indeed absolutely no problem... Who cares that the GUI, VPNs and other services will crash. Afraid this is not the way coding is done in pfSense. If causing tons of collateral damage is OK with some random fork, you are free to use it.

Also available in: Atom PDF