Netgate Discussion Forum

    Inherited firewalls with no SSL on webgui

    • Sharaz

      Hello, I have inherited 25 firewalls that seem to all have no SSL on the webgui.

      I tried to create a CA, create a cert, but when I applied it, the webgui restarted and then Chrome said the data was garbled. I had to undo the change by resetting the LAN IP and choosing non-SSL webgui (console restore function didn't work for me, first time I tried to use that).

      Is there a quick way I can successfully switch these over to SSL without breaking it?

      I can't count how many pfSense installs I've done over the years and I have never noticed an option to completely discard all SSL options, no idea how or why the previous IT company did that.

      Anyone have suggestions?

      Jonathan

      • johnpoz LAYER 8 Global Moderator

        What version are these 25 firewalls on?

        The revert works just fine, no matter what version you're on.  What is most likely happening is your browser, seeing that it connected https to this fqdn, wants to go back there!!  Many browsers do this these days..

        You have to clear your browser wanting to go to https for that fqdn.

        As to enabling ssl, pfSense comes with a cert out of the box to use for its web gui ssl.  If you're wanting to create another CA for that - sure, that works fine too.  Just make sure you're creating the correct type of cert and using the correct one when you set up pfSense ssl, it likes to default to user cert.

        Another issue is that browsers don't like self-signed these days, some browsers more friendly than others allowing you to add exceptions..  But it's best to just install the pfSense CA you create as a trusted CA so that your browser trusts certs signed by this cert.

        If it was me and you have 25 of them to do.. I would prob use the same CA for all of them and trust this CA, and then create the certs from that CA for all your 25 devices.  This could be a CA off one of the pfSense boxes, or it could be your own, or it could be public.. Your choice there.


        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11
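
The approach johnpoz describes above (one shared CA, then a server-type certificate for each firewall, not a user certificate), sketched with the openssl CLI. This is an added example, not code from any poster or from pfSense; the directory layout, CA name and hostnames are constructed.

```shell
#!/bin/sh
# Added example: one shared CA, one certificate per firewall hostname.
# Directory layout, CA name and hostnames are constructed for illustration.
umask 077   # private keys must not be readable by other users

# make_ca DIR: create the shared CA key/cert once (reused for every firewall).
make_ca() {
    dir=$1; mkdir -p "$dir"
    [ -f "$dir/ca.crt" ] && return 0
    cat > "$dir/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Constructed Lab CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -config "$dir/req.cnf" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
}

# issue_cert DIR FQDN KIND: KIND is "server" (web GUI) or "user" (client auth).
issue_cert() {
    dir=$1; fqdn=$2; kind=$3
    case $kind in
        server) eku=serverAuth ;;
        user)   eku=clientAuth ;;
        *)      return 2 ;;
    esac
    printf '%s\n' "basicConstraints=CA:FALSE" \
        "keyUsage=digitalSignature,keyEncipherment" \
        "extendedKeyUsage=$eku" "subjectAltName=DNS:$fqdn" > "$dir/$fqdn.ext"
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/req.cnf" \
        -subj "/CN=$fqdn" -keyout "$dir/$fqdn.key" -out "$dir/$fqdn.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/$fqdn.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 397 -sha256 -extfile "$dir/$fqdn.ext" \
        -out "$dir/$fqdn.crt" 2>/dev/null
}

# usable_for_gui DIR FQDN: succeeds only if the cert chains to the shared CA
# and is valid for TLS server use; a user (client-auth) cert fails here.
usable_for_gui() {
    openssl verify -purpose sslserver -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1
}
```

Running `usable_for_gui` on each issued certificate before importing it catches the user-certificate mix-up while the plain-HTTP GUI is still reachable; `ca.crt` is the file to install as a trusted CA on the admin workstations.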

        • Sharaz

          They all say:

          No Certificates have been defined. A certificate is required before SSL can be enabled. Create or Import a Certificate.

          Other firewalls that I have installed myself all say "webConfigurator default".

          Jonathan

          • jimp Rebel Alliance Developer Netgate

            From a shell, run:

            pfSsh.php playback generateguicert
            

            That'll make you a new cert using the current hostname as the base for the CN and such.

            • Sharaz

              Worked like a charm!! Thank you!!

              Jonathan

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.