Netgate Discussion Forum

    webConfigurator forces connections to http

    • stephenw10 Netgate Administrator

      That is connected via https; it's just using a self-signed certificate. Click on 'not secure' and then on the cert info. You will see it's the pfSense self-signed certificate.

      • ErniePantuso @stephenw10

        @stephenw10 said in webConfigurator forces connections to http:

        That is connected via https; it's just using a self-signed certificate. Click on 'not secure' and then on the cert info. You will see it's the pfSense self-signed certificate.

        OK, did that and you're right about the cert but again, in the address bar, there's a red line through "https"...

        • johnpoz LAYER 8 Global Moderator @ErniePantuso

          @ErniePantuso said in webConfigurator forces connections to http:

          there's a red line through "https"...

          Well you should prob ask on your browser's forums why they present it like that.. pfSense has little control over how a browser presents the connection security.. And saying it's not secure just because it's using a self-signed cert is just wrong..

          If you don't want it showing that - then use a cert that your browser trusts. Be it one you created with your own CA that your browser trusts, or use an acme cert on it.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          • stephenw10 Netgate Administrator

            Yeah, Firefox does a better job IMO. But on a Chrome (based) browser, if it really is http it appears as:
            Screenshot from 2024-02-29 04-02-29.png

            • NollipfSense @ErniePantuso

              @ErniePantuso said in webConfigurator forces connections to http:

              again, in the address bar, there's a red line through "https"...

              You have to tell your OS that you trust the self-signed cert so your browser complies...

              pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
              pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

              • stephenw10 Netgate Administrator

                It will still show as https though.

                • johnpoz LAYER 8 Global Moderator @stephenw10

                  The way to get rid of the browser complaints is to create a cert from a CA that the browser trusts.. This is simple enough to do with pfsense.. Or use something like acme to get a trusted cert.

                  I use a combo of both, for stuff that browsers outside of my control will access I use acme (Let's Encrypt), for stuff that I just manage where to be honest https is not even really needed. I mean it's all local and on my "management/trusted" vlan anyway.. But I hate the browser balking at stuff.. My pfsense gui, my unifi controller gui, my switches, my printer gui, stuff like that I just sign my own certs with my CA that browser trusts. No more complaints from any browser I use.. FF, Edge, Chrome, etc..

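
What the replies above describe, checked with `openssl verify` as an added example that is not part of any post in the thread: a self-signed certificate fails against a trust store holding only your CA, a certificate issued by that CA passes, and trusting the self-signed certificate directly also passes. The CA name, the hostname `pfsense.home.arpa`, the file names and all keys are constructed for the demo.

```shell
#!/bin/sh
# Added example: names and throwaway keys are constructed, not from the thread.
HOST=pfsense.home.arpa   # assumed GUI hostname

# build_demo_pki DIR: writes ca.crt (private CA), srv.crt (issued by that CA)
# and self.crt (stand-alone self-signed certificate) into DIR.
build_demo_pki() (
  cd "$1" || exit 1
  cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Home CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Browsers match the URL's name against subjectAltName, so the leaf needs one.
  printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$HOST" > srv.ext
  {
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 -config ca.cnf \
      -keyout ca.key -out ca.crt &&
    openssl req -new -newkey rsa:2048 -nodes -config ca.cnf -subj "/CN=$HOST" \
      -keyout srv.key -out srv.csr &&
    openssl x509 -req -in srv.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
      -days 30 -extfile srv.ext -out srv.crt &&
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 -config ca.cnf \
      -subj "/CN=$HOST" -keyout self.key -out self.crt
  } >/dev/null 2>&1
)

# trusted ANCHOR CERT NAME: succeeds only if CERT chains to ANCHOR and matches NAME.
trusted() {
  openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d) && build_demo_pki "$d" || return 1
  for c in "ca.crt self.crt $HOST" "ca.crt srv.crt $HOST" \
           "self.crt self.crt $HOST" "ca.crt srv.crt nas.home.arpa"; do
    set -- $c   # split into anchor, certificate, name
    if trusted "$d/$1" "$d/$2" "$3"; then r=trusted; else r="untrusted (browser would warn)"; fi
    echo "anchor=$1 cert=$2 name=$3 -> $r"
  done
  rm -rf "$d"
}
demo
```

The last case shows that a certificate from a trusted CA still fails when the name typed in the address bar is not in its subjectAltName.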

                  • ErniePantuso @johnpoz

                    @johnpoz That makes sense. I've used LetsEncrypt before with my own websites/servers but it's unclear to me how to do it with something that's local/internal. If you know of a good guide/tutorial, I'd really appreciate a link.

                    It's also unclear to me how to set up local DNS. (In fact, I have a hard time just understanding local DNS in general.) I think I know that it gets set up/handled by DNS Resolver in pfSense - and I think it works (or can work) more or less like regular DNS to allow me to type "pfsense.lan" rather than "10.1.1.1" (etc. for other local destinations - which would be great) but no one has ever been able to explain to me (in sufficient detail) how to get that working.

                    Then there's the issue of VLANs and firewall rules (and I'm still a novice when it comes to those.) Currently, I've just set up each VLAN to use Cloudflare and Quad 9 DNS - and internally we just have to use IP addresses.

                    • johnpoz LAYER 8 Global Moderator @ErniePantuso

                      @ErniePantuso well I have walked through creating your own CA and having your browser trust it quite a few times here over the years.. Let me find one of my old posts.. BRB

                      edit: here is one https://forum.netgate.com/post/831783

                      Well for dns out of the box pfsense resolves and should be listening on any of its IPs for queries.. If you want it to resolve local resources, then you can either have it register dhcp clients, this can be problematic since it restarts on dhcp events. Or you could create a static/reservation for devices so they always get the same IP and register those.. That works great, or if you're setting the device's IP locally or whatever and you want to make sure pfsense resolves that name for you just create a host override under the resolver.. For example my nas has a host override.

                      $ nslookup
                      Default Server:  sg4860.home.arpa
                      Address:  192.168.9.253
                      
                      > nas.home.arpa
                      Server:  sg4860.home.arpa
                      Address:  192.168.9.253
                      
                      Name:    nas.home.arpa
                      Address:  192.168.9.10
                      

                      192.168.9.253 is my pfsense IP on my lan, see how it resolves its own name sg4860.home.arpa, and see how my nas.home.arpa resolves to 192.168.9.10


                      • ErniePantuso @johnpoz

                        @johnpoz Thank you!!

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.