Tue May 2 12:26:10 +07 2023

About firewall certificate

Let's Encrypt does not issue certificates for IP addresses. The redirection in the firewall works with the IP address: traffic is redirected for authentication to https://a.b.c.d:112081. This mechanism cannot be changed, because it is set inside an executable for which there is no source file. It is therefore not possible to set a certificate issued by a certificate authority for the firewall.
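The mismatch described above can be reproduced offline. This added example is not part of the original post: it builds two throwaway self-signed certificates and checks them the way a browser would, showing that a hostname-only certificate does not validate for an IP-based URL. The hostname and IP address are constructed placeholders, and it assumes OpenSSL 1.1.1 or later (for `-addext`).

```shell
#!/bin/sh
# Constructed sample values: placeholder hostname, documentation-range IP.
FW_HOST="firewall.example.org"
FW_IP="192.0.2.10"

# make_cert OUT SAN: throwaway self-signed certificate with the given subjectAltName
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$FW_HOST" -addext "subjectAltName=$2" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

# cert_matches CERT host|ip NAME: succeeds only if CERT is valid for NAME.
# openssl reports the result in its output, so the text is what gets tested.
cert_matches() {
    case "$2" in
        host) opt=-checkhost ;;
        ip)   opt=-checkip ;;
        *)    return 2 ;;
    esac
    openssl x509 -in "$1" -noout "$opt" "$3" | grep -q "does match certificate"
}

# report CERT host|ip NAME: print one line per check
report() {
    if cert_matches "$1" "$2" "$3"; then
        echo "$(basename "$1") vs $3: match"
    else
        echo "$(basename "$1") vs $3: NO match"
    fi
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_cert "$tmp/dns.pem" "DNS:$FW_HOST"   # what a hostname-only CA can issue
    make_cert "$tmp/ip.pem"  "IP:$FW_IP"      # what the IP-based redirect needs
    report "$tmp/dns.pem" host "$FW_HOST"
    report "$tmp/dns.pem" ip   "$FW_IP"       # the case the redirect hits
    report "$tmp/ip.pem"  ip   "$FW_IP"
    rm -rf "$tmp"
}

demo
```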

Also, I did try to install a certificate manually and completely messed up the firewall, to the point that Apache was not starting, so there was no more web administration interface nor Captive Portal.

I had to restore the following files from backup:

  • /DB/_DB.002/etc/ssl/certs/admin_user.pem
  • /DB/_DB.002/etc/ssl/certs/crl.pem
  • /DB/_DB.002/etc/ssl/certs/fireall.cs.ait.ac.th_host.pem
  • /DB/_DB.002/etc/ssl/certs/imported_Certs/04.pem

This assumes that we are using profile 2 and that the installed certificate is number 4.

Do not mess manually with the certificates.

Even with no Apache and no Captive Portal, the firewall filtering was active.


Posted by Olivier | Permanent link | File under: administration, firewall, backup