Valid personal certificate and IE 9.x
-
If you are asking about only one or two clients then just add your self signed certificate as a trusted source. If it's many clients then get a real certificate.
Steve
-
"you can export your CA under cert manager."
So what part do you not understand about that? Then import into IE
-
-
you download the ca crt file, not the key? Then in IE you go into your certificates and trusted root CA and import it.
Now any cert that the pfsense CA signs you will trust and not get that warning. Make sure you then create a cert to use as your web gui and that uses the common name of how you access your web gui. https://host.something.tld
-
you download the ca crt file, not the key? Then in IE you go into your certificates and trusted root CA and import it.
Now any cert that the pfsense CA signs you will trust and not get that warning. Make sure you then create a cert to use as your web gui and that uses the common name of how you access your web gui. https://host.something.tld
I had download the crt file created by pfSense, but then when I try to import this file in IE 9.x, the message above is displayed.
Also, I can not your last sentence. What you wanted to say?
Thanks
Bye
-
what message? I don't see any import screen. Also could you make your screenshots a bit bigger? Its like trying to read a postage stamp. You can attach directly as well you don't have to use imgur
I think you download the wrong file then if your importing the correct thing.
As to last sentence – you have to use a FQDN to access pfsense if you don't want failure - if your using IP IE won't accept the cert you create. you need to put this is the common name of the cert you create.
-
what message? I don't see any import screen. Also could you make your screenshots a bit bigger? Its like trying to read a postage stamp. You can attach directly as well you don't have to use imgur
I think you download the wrong file then if your importing the correct thing.
As to last sentence – you have to use a FQDN to access pfsense if you don't want failure - if your using IP IE won't accept the cert you create. you need to put this is the common name of the cert you create.
Where I'm wrong?
Thanks
Bye
-
again your screenshot is so small - I am having a hard time reading it. But looks more like you can not access the file to me - but looks like spanish so might be wrong?
can you open the file in text viewer? should look something like
can you not just attached your images in native resolution so can actually view them.
-
-
much better - thanks.
"impossible to recognize the type of file, select another file"
so can you view the file in text viewer - does it look like my file? the cert is just a text file with a .crt ext.
I would verify you file got downloaded ok by opening with text viewer - and then make sure your importing into the correct place
if file is ok, and using the correct import wizard, etc. and still giving you that error than would have to guess you go something wrong with your IE/OS if can not understand a .crt file.
did your download even finish? What is the yellow IE bar on the bottom of your window?
-
I would look to see if your .crt association has been changed? Are you on xp, vista, 7?
once you have verified that it downloaded correctly with your text viewer software.
-
When I create a valid personal certificate, what should I put in the "Common Name"?
I use windows 7 SP1 64-bit.
Thanks
Bye
-
Could you help me again?
Thanks
Bye
-
Unless you have changed it the common name would be 'pfsense'. It's whatever your machine is seen as. E.g. pfSense.yourdomain.com.
Steve
-
-
It is TEXT file - I already showed you what it should look like - OPEN it with your favorite TEXT VIEWER!!
Does it look like the one I posted?
What personal cert did you create? I don't see one - your CA lists NO CERTS created.
You need to install the CA .crt file into IE as trusted CA. Then any certs this CA signs IE will now trust - you need a common name on the cert the CA signs to be the FQDN that you use to access pfsense web gui on. do you use https://pfsense.office to access your pfsense web gui? Then that would be the common name pfsense.office of the cert you create that your pfsense CA signs.
I have been on the road - and catching up with RL and work issues, when I get a chance I will create a How to in the wiki of each step to get IE to trust the cert used by the web gui of websense when you access it via https://whatever.something.tld
-
It is TEXT file - I already showed you what it should look like - OPEN it with your favorite TEXT VIEWER!!
Does it look like the one I posted?
What personal cert did you create? I don't see one - your CA lists NO CERTS created.
You need to install the CA .crt file into IE as trusted CA. Then any certs this CA signs IE will now trust - you need a common name on the cert the CA signs to be the FQDN that you use to access pfsense web gui on. do you use https://pfsense.office to access your pfsense web gui? Then that would be the common name pfsense.office of the cert you create that your pfsense CA signs.
I have been on the road - and catching up with RL and work issues, when I get a chance I will create a How to in the wiki of each step to get IE to trust the cert used by the web gui of websense when you access it via https://whatever.something.tld
Sorry again, but in the CAs list, there is a certificate with the pfSense_certificate name that I created. You see it?
Thanks
Bye
-
No there is isnt - that is your CA!!! Not a certificate that has been signed by your CA.. See the big ZERO - well maybe not because your pictures are the size of postage stamps ;) This is ZOOMED into what you posted.
Are you going to look at the file your downloading with your text viewer or NOT!!
You need to install the CA cert into IE, then create a certificate that this CA signed with a common name of your FQDN you use to access pfsense web gui. I don't know how to make it any easier
-
Please remain calm! ;D
Steve
-
Trying too ;)
-
So, how do I create a valid personal certificate?
Thanks
Bye
-
You go to the 'Certificates' tab in Cert Manager and click the '+' sign. Now change to 'Create an internal Certificate'.
This will create a certificate from your CA (that you just created), you can then assign the webGUI to use it.However this will not help with your problem installing the CA key in IE. You should be ab;e to do this whether or not you've created any certificates from it. :-\
I agree with Johnpoz: open the .crt file in a text editor check it's a real and complete file.
Steve