Switching to wildcard cert fails until reboot
Steps to reproduce:
1. manually add the Globalsign CA
2. manually add the AlphaSSL intermediate CA
3. manually add a wildcard cert, and name it "*.avant.ca 2017"
4. switch webconfigurator to the new cert
A. all browsers now complain about a broken SSL certificate (although they were still able to see the cert chain somehow)
(Sorry, I didn't think to run openssl s_client to gather all the data, but I'm doing this on another firewall in a few minutes so I should be able to gather additional data there.)
5. reboot firewall
B. all browsers are now happy with the SSL certificate
Don't know if it has anything to do with using '*' in the name, or if switching certs on the fly is just brokenish. Solved by a reboot anyway, so not a serious problem.
#2 Updated by Jim Pingle 6 months ago
- Target version deleted (
I don't have access to a wildcard certificate to verify this but it's unlikely to be related. Changing a certificate on the fly works fine, I do that regularly with Let's Encrypt switching from self-signed to ACME certs.
The name wouldn't matter because internally the certificates are only referenced by their unique ID.
We'll need to find some better/more reliable way to reproduce this. Let's Encrypt will start supporting wildcards next month so we may have a way to test it then.