I am trying to assign an external cert to the webui so I don't get the warning message anymore. I imported my cert to the primary box and the setting did not fully synchronize to the passive box. I noticed there is an import and an import HA; do I have to use import HA to make it sync to both boxes?
The import HA key function is related to the encryption of your HA traffic. Basically, you have to export the key from one firewall and import it into the other one, and vice versa. You only need to do that if you enabled encryption in your HA settings (in Device -> High Availability). What is the current status of your HA on your dashboard? Does it say it's synchronized?
What we are trying to do is use our local CA to sign the cert for the webui. So I generated a CSR, imported it into the active PA and then selected that it be applied to the webui. When I went to the passive side I could see the cert, but the use on webui was not selected. Then the sync began to fail and then the cert disappeared, and the only way I could bring them back into sync was to do it from the passive side.
I understand that you generated the certificate on the firewall but had it signed by your local root CA. That is what we did and it is working for us. Make sure you also import your local root CA so you have the whole chain in your configuration. I can't help you with your synchronization issue, though.
I ran into the same issue, and what I found out is that if you are running an Active/Passive config you can only have one WebUI cert per cluster. To get it so you don't have a cert issue, issue the cert for the HA IP address and use that for your login. You are not able to have a cert per device, but one for the cluster.