docs:tips_n_tricks:ipfire.html

Differences

This shows you the differences between two versions of the page.

docs:tips_n_tricks:ipfire.html [27.10.2018 19:09 CEST] peterdocs:tips_n_tricks:ipfire.html [26.10.2021 09:57 CEST] peter
Line 2: Line 2:
 //This refers to the open source firewall [[http://www.ipfire.org|IPFire]]// //This refers to the open source firewall [[http://www.ipfire.org|IPFire]]//
 ===== Using external CA ===== ===== Using external CA =====
 +==== Setup ====
  
 Using a hostkey and certificates from an external certificate authority is possible with the following steps and restrictions: Using a hostkey and certificates from an external certificate authority is possible with the following steps and restrictions:
Line 11: Line 12:
   * As you don't have a CA Key on the ipfire, you can't generate client certificate, but you must import them. Starting point is still the "Add" button in the client list, just use the "upload" feature instead of "generate ...".   * As you don't have a CA Key on the ipfire, you can't generate client certificate, but you must import them. Starting point is still the "Add" button in the client list, just use the "upload" feature instead of "generate ...".
   * When creating client certificates by //TinyCA2//, pay attention to unset the "add email address to CN" checkbox when signing the request (i.e. creating the certificate) as ipfire obviously can't cope with that extension and throws an internal server error when using the cn value as filename, which contains a slash.   * When creating client certificates by //TinyCA2//, pay attention to unset the "add email address to CN" checkbox when signing the request (i.e. creating the certificate) as ipfire obviously can't cope with that extension and throws an internal server error when using the cn value as filename, which contains a slash.
 +==== Maintenance ====
 +=== Renew certificate ===
 +== Openvpn ==
  
 +  - Replace ''/var/ipfire/ovpn/certs/servercert.pem''
 +  - ''/usr/local/bin/openvpnctrl -r''
 +== https ==
 +
 +  - Replace ''/etc/httpd/server.crt''
 +  - ''apachectl restart''
 ===== Bugs ===== ===== Bugs =====
 ==== IPFire 2.17 (i586) - Core Update 98  ==== ==== IPFire 2.17 (i586) - Core Update 98  ====
   * If a clients certificate subject consists **only** of the comon name (CN), TLS verification will fail due to the regular expression used in ''/usr/lib/openvpn/verify'' to get the value of CN=...   * If a clients certificate subject consists **only** of the comon name (CN), TLS verification will fail due to the regular expression used in ''/usr/lib/openvpn/verify'' to get the value of CN=...
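
Review bot: The new "Renew certificate" steps for both Openvpn and https overwrite the live certificate file without first checking that the renewed certificate belongs to the host key already in use and was issued by the same external CA. Add that check as a step before "Replace ''/var/ipfire/ovpn/certs/servercert.pem''" and before "Replace ''/etc/httpd/server.crt''", and say to keep a copy of the old file so the service can be rolled back if it fails to come up. The second item in each list is a bare command; say what it does (for example "Restart the service: ''apachectl restart''") so the flag in ''/usr/local/bin/openvpnctrl -r'' is not left for the reader to guess. Style: the headings read "Openvpn" and "https" while the rest of the page writes product names in their usual capitalisation.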
  
docs/tips_n_tricks/ipfire.html.txt · Last modified: 09.10.2023 14:42 CEST by peter
