Locked out of gui due to probablly incorrect certificate for https

Snailkhan

hi
i have configured internal ca on pfsene and generated a certificate and selected it for https ..
after i saved settings i got below erro and cannot accee gui any more. i can access ssh.

An error occurred during a connection to 192.168.4.10:7141. Certificate type not approved for application. (Error code: sec_error_inadequate_cert_type)

Attackers might be trying to steal your information from 192.168.4.10 (for example, passwords, messages, or credit cards). NET::ERR_CERT_INVALID

anyway to revert/correct it ?

Snailkhan

i resolved it by following below text from anther post on this forum

i sshed into my fsense box. select optino 8 then type

viconfig

Find (using command mode of vi )
<protocol>https</protocol>
Change it for
<protocol>http</protocol>
Save.

save the config file by writing :wq
then select option 11 to restart webconfigurator .
now i am able to access gui with http..

refrence:
https://forum.pfsense.org/index.php?topic=98701.15

johnpoz

So you created a user cert vs a server cert sounds like..

doktornotor

@Snailkhan:

viconfig

Find (using command mode of vi )
<protocol>https</protocol>
Change it for
<protocol>http</protocol>
Save.

No need to fiddle with vi really…

https://doc.pfsense.org/index.php/I_locked_myself_out_of_the_WebGUI,_help!#HTTP_vs_HTTPS_confusion

Snailkhan

@johnpoz:

So you created a user cert vs a server cert sounds like..

correct..

i later created server certificate and was able to access it with it.
i also installed it in my root certificates and removed the warning..

a bit off topic but now i am searching for a free certificate provider thats trusted in windows as well as android. ..

Gertjan

startssl - and many others ….

johnpoz

You can install your CA into any device that does SSL, why do you need a publicly trusted CA for your webgui??