How to recover expired certificate
We have a client device with a certificate pinned, but the certificate has expired and been updated on our Cloudflare. We are unable to update the certificate on the device without it being able to connect to our server, and it is unable to connect because it is using an old certificate. We have looked at the public cert on the client device and see the actual expiry is Dec 31, 24, but Cloudflare updated it already. How do we get the original private cert back? Would advanced certificate management be able to help us at all? We use a normal edge certificate.
7 Replies
do not use hpkp with cf
or use hpkp in general
no way to recover this
so once the cert is updated on Cloudflare the previous cert is gone for good?
I'm pretty certain but I'd wait for a community champion to respond.
but do not use hpkp.
yea lesson learned lol
https://developers.cloudflare.com/ssl/reference/certificate-pinning/
https://scotthelme.co.uk/hpkp-is-no-more/
Cloudflare Docs
Certificate pinning · Cloudflare SSL/TLS docs
Learn why Cloudflare does not support HTTP public key pinning (HPKP) and consider an alternative solution to prevent certificate misissuance.
Scott Helme
HPKP is no more!
It's been an interesting ride over the last few years but HPKP, or HTTP Public
Key Pinning, is finally coming to the end of its tenure. With support now gone
in the last remaining browser, HPKP has been consigned to the scrap heap.
these articles might be interesting for you
yea thanks those will help us improve things once we fix this mess