Valid personal certificate and IE 9.x
-
Hi
How do I create a valid personal certificate in pfSense 2.0.1 64-bit so that when I access with IE 9.x 64 bit, this window
does not appear more?
Thanks
Bye
-
You need to add the CA root key to IE trusted source – you can export your CA under cert manager.
You can still have issues - depending what you used for the common name when you created the cert and certificates.
So I added CA to IE - and created cert that used proper common name for my FQDN of pfsense.local.lan
So you see from my attached pics -- if I use fqdn to access it trusts it now, but if I use IP it still does not like it ;)
edit2: You know this is a good article for the wiki, now that I have access I should put up the instructions - or maybe they are already there?
-
Or create and import a certificate from an already trusted root source.
I'm sure I read something about doing that very recently but I can't remember where now. :-\ You usually have to pay for them though.Steve
Edit: It was these guys: https://www.startssl.com/
I've never used them though, I offer no recommendation. ;)Edit2: In fact there are quite a few posts about this on the forum. For example: http://forum.pfsense.org/index.php?topic=48210.0
-
Sorry but I have not yet understood the correct and free method to avoid displaying of the IE 9.x warning page.
Thanks
Bye
-
If you are asking about only one or two clients then just add your self signed certificate as a trusted source. If it's many clients then get a real certificate.
Steve
-
"you can export your CA under cert manager."
So what part do you not understand about that? Then import into IE
-
-
you download the ca crt file, not the key? Then in IE you go into your certificates and trusted root CA and import it.
Now any cert that the pfsense CA signs you will trust and not get that warning. Make sure you then create a cert to use as your web gui and that uses the common name of how you access your web gui. https://host.something.tld
-
you download the ca crt file, not the key? Then in IE you go into your certificates and trusted root CA and import it.
Now any cert that the pfsense CA signs you will trust and not get that warning. Make sure you then create a cert to use as your web gui and that uses the common name of how you access your web gui. https://host.something.tld
I had download the crt file created by pfSense, but then when I try to import this file in IE 9.x, the message above is displayed.
Also, I can not your last sentence. What you wanted to say?
Thanks
Bye
-
what message? I don't see any import screen. Also could you make your screenshots a bit bigger? Its like trying to read a postage stamp. You can attach directly as well you don't have to use imgur
I think you download the wrong file then if your importing the correct thing.
As to last sentence – you have to use a FQDN to access pfsense if you don't want failure - if your using IP IE won't accept the cert you create. you need to put this is the common name of the cert you create.
-
what message? I don't see any import screen. Also could you make your screenshots a bit bigger? Its like trying to read a postage stamp. You can attach directly as well you don't have to use imgur
I think you download the wrong file then if your importing the correct thing.
As to last sentence – you have to use a FQDN to access pfsense if you don't want failure - if your using IP IE won't accept the cert you create. you need to put this is the common name of the cert you create.
Where I'm wrong?
Thanks
Bye
-
again your screenshot is so small - I am having a hard time reading it. But looks more like you can not access the file to me - but looks like spanish so might be wrong?
can you open the file in text viewer? should look something like
can you not just attached your images in native resolution so can actually view them.
-
-
much better - thanks.
"impossible to recognize the type of file, select another file"
so can you view the file in text viewer - does it look like my file? the cert is just a text file with a .crt ext.
I would verify you file got downloaded ok by opening with text viewer - and then make sure your importing into the correct place
if file is ok, and using the correct import wizard, etc. and still giving you that error than would have to guess you go something wrong with your IE/OS if can not understand a .crt file.
did your download even finish? What is the yellow IE bar on the bottom of your window?
-
I would look to see if your .crt association has been changed? Are you on xp, vista, 7?
once you have verified that it downloaded correctly with your text viewer software.
-
When I create a valid personal certificate, what should I put in the "Common Name"?
I use windows 7 SP1 64-bit.
Thanks
Bye
-
Could you help me again?
Thanks
Bye
-
Unless you have changed it the common name would be 'pfsense'. It's whatever your machine is seen as. E.g. pfSense.yourdomain.com.
Steve
-
-
It is TEXT file - I already showed you what it should look like - OPEN it with your favorite TEXT VIEWER!!
Does it look like the one I posted?
What personal cert did you create? I don't see one - your CA lists NO CERTS created.
You need to install the CA .crt file into IE as trusted CA. Then any certs this CA signs IE will now trust - you need a common name on the cert the CA signs to be the FQDN that you use to access pfsense web gui on. do you use https://pfsense.office to access your pfsense web gui? Then that would be the common name pfsense.office of the cert you create that your pfsense CA signs.
I have been on the road - and catching up with RL and work issues, when I get a chance I will create a How to in the wiki of each step to get IE to trust the cert used by the web gui of websense when you access it via https://whatever.something.tld