Let's encrypt - SSL certificate

mjr
mjr Posts: 18  Freshman Member
edited July 20 in Security Ideas
Hello!

Is "let's encrypt" SSL certificate support planned on the USG40 (and higher)?
With which version is this activated?

BR, MJR
5 votes

Active · Last Updated

«13

Comments

  • zyman2008
    zyman2008 Posts: 110  Ally Member
    You always can import certificate/private key with pkcs12 format into the USG, not just let's encrypt.

  • mjr
    mjr Posts: 18  Freshman Member
    I know that you can import certificates.

    For some customers it is interessting to be able to use "lets encrypt" certificates.
    Other devices, such as NAS from QNAP, are already prepared for this.
  • zyman2008
    zyman2008 Posts: 110  Ally Member
    I did import let's encrypt certificate on my USG110 for device GUI management.
    And it works.

  • mjr
    mjr Posts: 18  Freshman Member
    Hi zyman2008!
    How long is the certificate valid? Is the renewal process automatically done or do you have to manually update the certificate?

    BR; mjr
  • zyman2008
    zyman2008 Posts: 110  Ally Member
    I'm using certbot on my raspberry Pi behind the USG to auto renew the certificate from let's encrypt.
    Of course, I need manual import the renewal certificate into my USG through the GUI.
    Since it's just take less than 5 mins. every 3 months, so that not a problem, for me.

    If USG can support import certificate via FTP service. Than I can automation all the process.

  • nohona
    nohona Posts: 1  Freshman Member
    Did anyone figure out how to import Let's Encrypt generated certs? Could not get it to work with these instructions. Does the key.pem need to be coverted to a pkcs12?

    Combining key and certificate into a pkcs12

    PKCS#12 incorrect password error #84
  • zyman2008
    zyman2008 Posts: 110  Ally Member
    I only pack the certificate and private key into PKCS12 file.
    # openssl pkcs12 -export -out myusg.p12 -inkey private.key -in certificate.crt

    Then import root & intermediate certificate into Trusted Certificated in USG.
    And import PKCS12 file into My Certificated in USG. (you need to provide the password of p12 file

    That's it.
Sign In to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click on this button!