Feature #3697

New backup/restore area: Certificates

Added by Dmitriy K about 7 years ago. Updated over 4 years ago.

Backup / Restore
Target version:
Start date:
Due date:
% Done:


Estimated time:
Plus Target Version:
Release Notes:


It would be nice if we could backup / restore all certificates only.


#1 Updated by Jim Pingle about 7 years ago

  • Target version changed from 2.2 to Future

#2 Updated by Chris Buechler over 5 years ago

  • Subject changed from New area: Certifcates to New backup/restore area: Certificates

#3 Updated by Kill Bill over 4 years ago

Dmitriy K wrote:

It would be nice if we could backup / restore all certificates only.

I don't think so. Imagine you have a bunch of certificates used for:
- webGUI
- OpenVPN
- IPsec
- bunch of different packages (Squid, haproxy, FreeRADIUS ...)
- local users
- ...

Now, you import some certificates backup not matching your current configuration (why'd you be importing it otherwise), and all of the above breaks.

Coding something like this frankly sounds like a nightmare.

#4 Updated by Dmitriy K over 4 years ago

OPNsense implemented it and it works like a charm. Few days ago I was prepping a replacement box and I though I would die copy-pasting never ending certificates.

Honestly, I don't understand you. There are CAs and Certs ... it very easy to read them from xml. Who cares about previous cert assignation? Just import "as is". I will assign them as I want. That's all.

#5 Updated by Kill Bill over 4 years ago

Ah yeah, blindly replacing a config section is indeed absolutely no problem... Who cares that the GUI, VPNs and other services will crash. Afraid this is not the way coding is done in pfSense. If causing tons of collateral damage is OK with some random fork, you are free to use it.

Also available in: Atom PDF