Project

General

Profile

Actions

Feature #3697

open

New backup/restore area: Certificates

Added by Dmitriy K almost 10 years ago. Updated about 7 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Backup / Restore
Target version:
Start date:
06/06/2014
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:

Description

It would be nice if we could backup / restore all certificates only.

Actions #1

Updated by Jim Pingle almost 10 years ago

  • Target version changed from 2.2 to Future
Actions #2

Updated by Chris Buechler about 8 years ago

  • Subject changed from New area: Certifcates to New backup/restore area: Certificates
Actions #3

Updated by Kill Bill about 7 years ago

Dmitriy K wrote:

It would be nice if we could backup / restore all certificates only.

I don't think so. Imagine you have a bunch of certificates used for:
- webGUI
- OpenVPN
- IPsec
- bunch of different packages (Squid, haproxy, FreeRADIUS ...)
- local users
- ...

Now, you import some certificates backup not matching your current configuration (why'd you be importing it otherwise), and all of the above breaks.

Coding something like this frankly sounds like a nightmare.

Actions #4

Updated by Dmitriy K about 7 years ago

OPNsense implemented it and it works like a charm. Few days ago I was prepping a replacement box and I though I would die copy-pasting never ending certificates.

Honestly, I don't understand you. There are CAs and Certs ... it very easy to read them from xml. Who cares about previous cert assignation? Just import "as is". I will assign them as I want. That's all.

Actions #5

Updated by Kill Bill about 7 years ago

Ah yeah, blindly replacing a config section is indeed absolutely no problem... Who cares that the GUI, VPNs and other services will crash. Afraid this is not the way coding is done in pfSense. If causing tons of collateral damage is OK with some random fork, you are free to use it.

Actions

Also available in: Atom PDF