Yet another SSL Certificate import issue…
-
I am attempting to get the captive portal to SSL since it will be taking usernames and passwords. I have done this in the past, but it has been years, and I last used GoDaddy. Well, now I am using InCommon. I am having one hell of a time. I have the following:
X509 Certificate for the host
X509 Intermediate and root
X509 intermediate and root in reverse
I assume I have to place this into a bundle, and import it as a certificate (I haven't touched the CA tab, just the certificate tab). The certificate appears to import, says it is signed 'externally,' yet Android browsers are reporting an invalid certificate. I have changed the order several times. What am I missing?
-
By the way, I can post the certs if someone wants a go to build a functional bundle.
-
The root is in the users' browsers. You don't put it on the server.
All you should have to do is import the intermediate as a CA, with no private key, then import the certificate+key. I don't know of anywhere in pfSense that you upload a bundle. It seems to find the intermediates it needs and just does the right thing as if by magic.
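The chain layout described in the reply above, as an added example that is not part of the original thread: a shell sketch that builds a constructed root, intermediate and server certificate with `openssl` and shows that the server certificate verifies against the client-side root only when the intermediate is supplied with it. All names, including `portal.example.test`, are made-up placeholders.

```shell
#!/bin/sh
# Constructed demo PKI (all names made up): Demo Root -> Demo Intermediate -> server cert.

# issue NAME SUBJECT EXTFILE [CA-NAME]: new key and certificate in $d;
# self-signed when CA-NAME is omitted, otherwise signed by that CA.
issue() {
    openssl req -new -newkey rsa:2048 -nodes -subj "$2" \
        -keyout "$d/$1.key" -out "$d/$1.csr" 2>/dev/null
    if [ -n "$4" ]; then
        openssl x509 -req -in "$d/$1.csr" -CA "$d/$4.pem" -CAkey "$d/$4.key" \
            -CAcreateserial -extfile "$3" -days 2 -out "$d/$1.pem" 2>/dev/null
    else
        openssl x509 -req -in "$d/$1.csr" -signkey "$d/$1.key" \
            -extfile "$3" -days 2 -out "$d/$1.pem" 2>/dev/null
    fi
}

make_demo_pki() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:portal.example.test\n' > "$d/leaf.ext"
    issue root '/CN=Demo Root' "$d/ca.ext"
    issue int '/CN=Demo Intermediate' "$d/ca.ext" root
    issue leaf '/CN=portal.example.test' "$d/leaf.ext" int
}

# chain_ok ROOT LEAF [INTERMEDIATES]: succeeds if LEAF chains to the trusted ROOT
# using only the intermediates the server would send alongside its certificate.
chain_ok() {
    if [ -n "$3" ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    fi
}

demo=$(mktemp -d)
make_demo_pki "$demo"
# The root plays the role of the browser's trust store; it is never "served".
if chain_ok "$demo/root.pem" "$demo/leaf.pem"; then
    echo "leaf alone: verifies"; else echo "leaf alone: chain incomplete"; fi
if chain_ok "$demo/root.pem" "$demo/leaf.pem" "$demo/int.pem"; then
    echo "leaf + intermediate: verifies"; else echo "leaf + intermediate: fails"; fi
rm -rf "$demo"
```

Against a live portal, `openssl s_client -connect <host>:<port> -showcerts` lists the certificates the server actually sends.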
-
Thank you very much! That worked! After having to always build bundles for RADIUS, I almost assume it is supposed to be that way everywhere :)
-
Maybe I spoke too soon. Appears to be working for every browser I try, then all of a sudden the captive portal stops working. When I look in the logs, I see this over and over:
lighttpd[27602]: (connections.c.305) SSL: 1 error:140A1175:SSL routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback
Ideas?
-
If I were to implement an SSL certificate on captive portal I would check Disable HTTPS forwards. Are you attempting to get in the middle of an HTTPS connection? If so, I can't imagine that wouldn't throw all kinds of errors.
-
Thanks, I had figured that out earlier. Seemed to fix that. Merci!