Working with a client’s WatchGuard XTM firewall recently I was asked to resolve an issue with the web certificate. The self signed default certificate had expired.
In this post I walk through the steps to renew the default web certificate on a WatchGuard XTM device.
Prior to making any configuration changes always make a backup of the current configuration.
1. Connect to the WatchGuard System Manager, Open Policy Manager, select File, Save, As File.I like to save the changes in the following format: 20161113-cjg-1-clientXTM515.
This allows you to make multiple configuration backups in a single day and sort them very easily.
2. In WatchGuard System Manager you can see the two highlighted certificates that have expired below.
3. In Policy Manager, select the Setup menu, Authentication, Web Server Certificate.
4. Change the settings from the Default certificate signed by Firebox, see below.
To Custom certificate signed by FIrebox. Enter test for the Common Name, Organization Name and Organization Unit Name as below, click OK.
5. Save the configuration to the Firebox (and configuration file as part of the process).
7. You can now see you have a valid certificate with the details o=test CA ou=test cn=test: Valid.
8. In Policy Manager go back to the Setup menu, Authentication, Web Server Certificate. Select Default certificate signed by Firebox, click OK and save the configuration to the firebox again.
9.Your WatchGuard device will now have a new self signed certificate.
1. How to install Exchange 2016 (CU3 and beyond) on Windows Server 2016
2. Office365 PowerShell: How to the find out mailbox sizes in Office365 (and Exchange 2016) using PowerShell
3. WatchGuard: How to resolve “Response denied by WatchGuard HTTP Proxy – Reason: header-line too large”
4. Dell PERC: How to clear the foreign configuration on a HDD using the Raid Configuration Utility