
Author Topic: Migrating certificates to new install  (Read 438 times)


0tt0
Migrating certificates to new install
« on: April 22, 2017, 03:00:48 pm »
I'm in the process of moving config from one pfS to another more powerful hw. Both 2.3.3 - old 32bit and new 64bit. I'm about to copy 90% or so to the new install and have backed up and restored a number of sections one by one - seems to have worked well.

Just had one issue with error msg: "cannot define table bogonsv6: Cannot allocate memory" for some reason, have never seen this. I didn't get around this without changing "Firewall Maximum Table Entries" to a higher value, despite having the same default on both installs.

However, I also have a number of CAs, server certs and certificates in Cert manager and NEED those over to the new box. After some quick research I'm still uncertain of how I can automate this.

Generating new ones will be a PITA. Exporting and importing every one, one by one, even more so and will take hours. I need a bulk move option.

Can anyone assist with info on this?

TIA,

« Last Edit: April 23, 2017, 06:21:29 am by 0tt0 »

doktornotor
Re: Migrating certificates to new install
« Reply #1 on: April 24, 2017, 04:12:49 am »
Assist with what? They will get imported with config.xml.
Do NOT PM for help!

0tt0
Re: Migrating certificates to new install
« Reply #2 on: April 26, 2017, 04:59:30 pm »
Thanks for pointing that out, I have obviously overinterpreted something I read somewhere..

However, then the question morphs into a different one. The certs are in the 'all' export and possibly in the 'system' part? However, a lot of other stuff will get imported with 'all' that I want to alter and also the number of NICs (but not interfaces - a number of VLAN interfaces) are different on the two boxes, need to edit something here then I guess.

One piece of info that may be useful is exactly how the xml is imported, is info superimposed or is every section present in file type (all, or parts as chosen) only overwritten? For instance if sections are empty in backup (to be uploaded) will the resultant config then still have what was in that place in the system? I guess it makes most sense that all values are overwritten, so I probably need to edit uploaded file.

I'll do some testing myself, I can always reset config at this early stage of the config.

Thanx,
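
As an added example (not from the thread or the pfSense project), one way to check after a partial restore that every CA and certificate carried over is to compare the old and new config.xml backups by certificate fingerprint. It assumes the certificate store is kept as top-level `<ca>` and `<cert>` elements with `<refid>`, `<descr>`, `<crt>`, `<prv>` and `<caref>` children holding base64-encoded PEM; the sample backups and their refids are constructed.

```python
import base64, hashlib, ssl
import xml.etree.ElementTree as ET

def inventory(config_xml):
    """Map refid -> (kind, descr, SHA-256 of DER cert, has private key, caref)."""
    out = {}
    root = ET.fromstring(config_xml)
    for kind in ("ca", "cert"):              # assumed top-level element names
        for el in root.findall(kind):
            pem = base64.b64decode(el.findtext("crt", "")).decode()
            der = ssl.PEM_cert_to_DER_cert(pem)   # strips PEM armor only
            out[el.findtext("refid")] = (
                kind, el.findtext("descr", ""), hashlib.sha256(der).hexdigest(),
                bool((el.findtext("prv") or "").strip()), el.findtext("caref"))
    return out

def compare(old_xml, new_xml):
    """Report entries lost, altered, or left pointing at an absent CA."""
    old, new = inventory(old_xml), inventory(new_xml)
    return {
        "missing": sorted(r for r in old if r not in new),
        # fingerprint changed or private key no longer present
        "changed": sorted(r for r in old if r in new and old[r][2:4] != new[r][2:4]),
        "dangling_caref": sorted(r for r, v in new.items() if v[4] and v[4] not in new),
    }

def _entry(kind, refid, body, prv=True, caref=None):
    """Build one constructed <ca>/<cert> element (placeholder bytes, not real keys)."""
    pem = ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(body).decode()
           + "\n-----END CERTIFICATE-----\n")
    xml = "<%s><refid>%s</refid><descr>%s</descr>" % (kind, refid, refid)
    xml += "<crt>%s</crt>" % base64.b64encode(pem.encode()).decode()
    if prv:
        xml += "<prv>%s</prv>" % base64.b64encode(b"constructed-key").decode()
    if caref:
        xml += "<caref>%s</caref>" % caref
    return xml + "</%s>" % kind

# Constructed sample backups: the new box lost the CA and one private key.
OLD = "<pfsense>%s%s%s</pfsense>" % (
    _entry("ca", "ca1", b"ca-der"), _entry("cert", "srv1", b"srv-der", caref="ca1"),
    _entry("cert", "usr1", b"usr-der", caref="ca1"))
NEW = "<pfsense>%s%s</pfsense>" % (
    _entry("cert", "srv1", b"srv-der", prv=False, caref="ca1"),
    _entry("cert", "usr1", b"usr-der", caref="ca1"))

if __name__ == "__main__":
    print(compare(OLD, NEW))
```

Backups that include the certificate store carry private keys, so the files being compared need the same handling as the keys themselves.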