Management interface certificate problem with 7.1.3-7015
jst3751
I have confirmed that when trying to use an actual real certificate with the management page, after restart, the certificate being used is a self-signed certificate using the name of the IP of interface X0.
So, if the IP of interface X0 is 10.10.10.1, and if you chose any certificate other than the default self-signed certificate named 192.168.168.168, the certificate being used and presented is 10.10.10.1.
This is happening on both an NSA2700 and a TZ270.
Is anyone else having this happen after updating firmware to 7.1.3-7015?
Answers
@JST3751 I checked on my TZ 670, there is a SAN certificate (issued from my private CA) installed, covering multiple IPs and Domain Names. Even after a reboot it stays the same.
At Device → Settings → Administration → Management your custom cert is selected? Because if it's "Use Selfsigned Certificate" it will be issued for the IP mentioned below.
What was the upgrade path? Because my appliance went from 7.1.2 to 7.1.3.
—Michael@BWC
Upgraded from 7.1.1-7058-R3569-HF49799
Yes, even after the reboot, the unit is using a self-signed certificate with the name of the X0 IP even though the management certificate chosen is a custom-specific certificate. And yes, that certificate does show validated under the certificates display list.
This problem is also happening on a TZ270 that was upgraded from 7.1.1-7058-R6162
"Is anyone else having this happen after updating firmware to 7.1.3-7015?"
I can confirm this is an issue.
I can't find my notes when I was troubleshooting this, though I know for sure the issue persists with either an upgraded firmware, or a fresh installation. The issue seems to specifically be related to 7.1.3. I can't confirm, but I want to say I tried with the latest 7.0.X line and the cert worked okay. I know for sure I did a factory reset and applied the 7.1.2 firmware in safemode, created cert and it was okay. Then upgraded to 7.1.3 and it's exactly how you're spelling it out.
Factory reset and then installing 7.1.3 with factory defaults in safemode provided the same results.
The certificate strength doesn't seem to matter, tried with a default CSR and one with buttoned up cert cipher with the same results.
FYI, Sonicwall has provided me a HF to test on the NSA2700 we have. Unfortunately I may not be able to apply that until Saturday morning 02/01/2025 as it does not rise to URGENT PRIORITY as doing so will momentarily disrupt company communications.
I was able to install and have confirmed that 7.1.3-7015-R4056-HF51903 does resolve the problem.
Sonicwall is still working on incorporating the HF into a public release.
Thank you for the heads up. I'm riding out my license and not willing to work with this company any longer unless my firewall has kittens coming out of it. It's nice to hear maybe one thing will get better and not worse before I can escape these buffoons.