Add user SSL Certificate on pfSense
-
Hello,
I have a local web server (same LAN as pfSense) and an OpenVPN server set up on pfSense.
All OpenVPN clients can reach the local web server (http://192.168.9.200/ or http://maintenanceapi.afapark.com). I recently installed an SSL certificate on this local web server but now when I go on the website I have this
Instead of installing the certificate on each OpenVPN client, is it possible to install the certificate on pfSense so all users connected to the OpenVPN server have a secure connection to my local web server?
Thanks for your help
-
What does the web server certificate have to do with OpenVPN?
If they are connecting to https://maintenanceapi.afapark.com/ and are being served a valid certificate with that name in the CN and/or SAN then the browser doesn't care whether they are being connected via OpenVPN or anything else.
What, exactly, does the browser not like about the certificate?
-
This is a certificate created by me with OpenSSL. This website (https://maintenanceapi.afapark.com/) is only available locally; it's not a public domain name.
So my web browser tells me that it's not a trustable certificate and I must install it myself into the Windows certificate library
-
Yeah. That has nothing to do with OpenVPN. To do that you will have to install a CA on every client that hits that site to avoid certificate errors.
Let's Encrypt is your friend: https://www.letsencrypt.org/
-
You're not going to be able to add an rfc1918 as a SAN to a cert you got somewhere..
I assume afapark.com is you - that site's SSL is messed up as well..
-
@johnpoz Yes afapark.com is us, but this is a completely different web server.
@derelict said in Add user SSL Certificate on pfSense:
Yeah. That has nothing to do with OpenVPN. To do that you will have to install a CA on every client that hits that site to avoid certificate errors.
Let's Encrypt is your friend: https://www.letsencrypt.org/
I thought that installing the cert directly on pfSense would resolve the problem because all OpenVPN clients pass through pfSense to reach this website.
Is it possible to use https://www.letsencrypt.org/ for a local web server? I already tried and got an error message because my domain name is not public (I mean Let's Encrypt can't reach maintenanceapi.afapark.com/)
-
You will still have to add/trust the CA to all of your clients somehow.
SSL is designed to prevent exactly what you are trying to do.
Figure out Let's Encrypt on your web server. If that means spending a dollar a month to register a public domain name, then that's what you'll have to do.
You cannot get a domain validated certificate that will be accepted by clients without throwing certificate errors without a publicly-registered domain name.
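
Added example, not part of any post in this thread: the trust model described in the replies above, reproduced with the openssl CLI. It builds a throwaway private CA, issues a certificate for maintenanceapi.afapark.com with that name in the SAN, and checks it as a client without the CA, a client that trusts the CA, and a client that trusts the CA but connects under a different name. The CA subject "Demo Internal CA" and all file names are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the thread. CA name and file names are constructed.
set -e
WORK=$(mktemp -d)
HOST=maintenanceapi.afapark.com    # internal-only name used in the thread

# Minimal config so the result does not depend on the system openssl.cnf.
cat > "$WORK/demo.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_srv]
basicConstraints = CA:FALSE
subjectAltName = DNS:$HOST
EOF

# 1. Private root CA. ca.pem is the file every client would have to trust.
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$WORK/demo.cnf" \
    -extensions v3_ca -subj "/CN=Demo Internal CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null

# 2. Web server key and CSR, then a certificate signed by the CA with the SAN set.
openssl req -new -newkey rsa:2048 -nodes -config "$WORK/demo.cnf" \
    -subj "/CN=$HOST" -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 30 -extfile "$WORK/demo.cnf" -extensions v3_srv \
    -out "$WORK/server.pem" 2>/dev/null

# Client without ca.pem in its store: no chain to a trusted root (the browser warning).
verify_untrusted() {
    openssl verify "$WORK/server.pem" >/dev/null 2>&1
}
# Client that trusts ca.pem; $1 is the name it connects to.
verify_trusted() {
    openssl verify -CAfile "$WORK/ca.pem" -verify_hostname "$1" \
        "$WORK/server.pem" >/dev/null 2>&1
}

report() { if "$@"; then echo "OK:   $*"; else echo "FAIL: $*"; fi; }
report verify_untrusted
report verify_trusted "$HOST"
report verify_trusted afapark.com
```

Only ca.pem is distributed to clients; ca.key stays private, and the temporary directory in `$WORK` should be removed after the demo.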
-
All right,
Thanks for your help.
Have a good day
-
afapark.com is registered and public... But even the public facing doesn't do https.. It listens on 443 but all it does is give errors.. Cannot even connect via s_client to get any info..