Let's encrypt - SSL certificate

mjr
edited July 2 in Security Ideas
Hello!

Is "let's encrypt" SSL certificate support planned on the USG40 (and higher)?
With which version is this activated?

BR, MJR
10 votes


Comments

  • zyman2008
    You can always import a certificate/private key in PKCS12 format into the USG, not just Let's Encrypt.

  • mjr
    I know that you can import certificates.

    For some customers it is interesting to be able to use "Let's Encrypt" certificates.
    Other devices, such as NAS from QNAP, are already prepared for this.
  • zyman2008
    I did import a Let's Encrypt certificate on my USG110 for device GUI management.
    And it works.

  • mjr
    Hi zyman2008!
    How long is the certificate valid? Is the renewal process automatically done or do you have to manually update the certificate?

    BR; mjr
  • zyman2008
    I'm using certbot on my Raspberry Pi behind the USG to auto-renew the certificate from Let's Encrypt.
    Of course, I need to manually import the renewed certificate into my USG through the GUI.
    Since it just takes less than 5 mins. every 3 months, that's not a problem for me.

    If the USG could support importing certificates via the FTP service, then I could automate the whole process.

  • nohona
    Did anyone figure out how to import Let's Encrypt generated certs? Could not get it to work with these instructions. Does the key.pem need to be converted to a pkcs12?

    Combining key and certificate into a pkcs12

    PKCS#12 incorrect password error #84
  • zyman2008
    I only pack the certificate and private key into a PKCS12 file.
    # openssl pkcs12 -export -out myusg.p12 -inkey private.key -in certificate.crt

    Then import the root & intermediate certificates into Trusted Certificates in the USG.
    And import the PKCS12 file into My Certificates in the USG. (You need to provide the password of the p12 file.)

    That's it.
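
The workflow described in the thread (certbot renews on another host, then the certificate and private key are packed into a PKCS12 file for GUI import) can be scripted as below. This is an added example, not code posted by anyone in the thread; it assumes certbot's standard lineage file names (`privkey.pem`, `cert.pem`), an exported `P12_PASS` variable, and a hypothetical `P12_OUT` output-path variable.

```shell
#!/bin/sh
# Added example, not from the thread: build the PKCS#12 file for manual USG
# import from a certbot lineage directory (privkey.pem + cert.pem).
# Assumptions: P12_PASS is exported by the caller; P12_OUT is a hypothetical
# output-path variable.

# Print a SHA-256 over the DER public key of a certificate ($2 = x509)
# or of a private key ($2 = pkey), so the two can be compared.
pubkey_hash() {
    if [ "$2" = x509 ]; then
        openssl x509 -in "$1" -noout -pubkey
    else
        openssl pkey -in "$1" -pubout
    fi | openssl pkey -pubin -outform DER | openssl sha256
}

# make_p12 LINEAGE_DIR OUT_FILE
# Returns 0 on success, 2 on missing input, 3 on key/cert mismatch,
# 4 if the export fails, 5 if the result cannot be reopened.
make_p12() {
    dir=$1; out=$2
    key="$dir/privkey.pem"; cert="$dir/cert.pem"   # leaf only; chain is imported separately
    [ -r "$key" ] && [ -r "$cert" ] || { echo "missing key or cert in $dir" >&2; return 2; }
    [ -n "$P12_PASS" ] || { echo "P12_PASS is not set" >&2; return 2; }
    if [ "$(pubkey_hash "$cert" x509)" != "$(pubkey_hash "$key" pkey)" ]; then
        echo "private key does not match certificate" >&2; return 3
    fi
    # umask keeps the key-bearing file private; the password is read from the
    # environment so it does not appear in the process list.
    ( umask 077
      openssl pkcs12 -export -out "$out" -inkey "$key" -in "$cert" \
          -passout env:P12_PASS ) || return 4
    # Reopen the file with the same password before anyone uploads it.
    openssl pkcs12 -in "$out" -passin env:P12_PASS -nokeys -noout 2>/dev/null || return 5
}

# When run as a certbot --deploy-hook, certbot sets RENEWED_LINEAGE.
if [ -n "$RENEWED_LINEAGE" ]; then
    make_p12 "$RENEWED_LINEAGE" "${P12_OUT:-./myusg.p12}"
fi
```

The key/certificate comparison catches a stale or mismatched `privkey.pem` before export, and the reopen step confirms the file opens with the password that will be typed into the import dialog.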