Bug #7735
closed
Switching to wildcard cert fails until reboot
Added by Adam Thompson almost 7 years ago.
Updated about 6 years ago.
Affected Architecture: amd64
Description
Steps to reproduce:
1. manually add the Globalsign CA
2. manually add the AlphaSSL intermediate CA
3. manually add a wildcard cert, and name it "*.avant.ca 2017"
4. switch webconfigurator to the new cert
Observe:
A. all browsers now complain about a broken SSL certificate (although they were still able to see the cert chain somehow)
(Sorry, I didn't think to run openssl s_client to gather all the data, but I'm doing this on another firewall in a few minutes so I should be able to gather additional data there.)
Next steps:
5. reboot firewall
Observe:
B. all browsers are now happy with the SSL certificate
Don't know if it has anything to do with using '*' in the name, or if switching certs on the fly is just brokenish. Solved by a reboot anyway, so not a serious problem.
- Assignee set to Jim Pingle
- Target version set to 2.4.3
- Target version deleted (2.4.3)
I don't have access to a wildcard certificate to verify this but it's unlikely to be related. Changing a certificate on the fly works fine, I do that regularly with Let's Encrypt switching from self-signed to ACME certs.
The name wouldn't matter because internally the certificates are only referenced by their unique ID.
We'll need to find some better/more reliable way to reproduce this. Let's Encrypt will start supporting wildcards next month so we may have a way to test it then.
I've been unable to reproduce this in the 2.4 stream, so please close either with CAN'T REPRODUCE or FIXED IN 2.4 (or something along those lines).
- Status changed from New to Not a Bug