Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Upgraded to 2.3.1-p5, now I can't login to 192.168.0.1 from Safari b/c of Cert

    webGUI
    2
    2
    1.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      TheWaterbug
      last edited by

      Yesterday I used my 3 year old bookmark to log into https://192.168.0.1:xyzw to upgrade from 2.2.? to 2.3.1-ps. The upgrade seemed to go fine, but now I can no longer log into https://192.168.0.1:xyzw from Safari, which reports

      Safari can't open the page "https://192.168.0.1:xyzw" because Safari can't establish a secure connection to the server "192.168.0.1"

      The port is correct, because I can log into https://mycompany.dyndns.org:xyzw from Safari.

      I tried https://192.168.0.1:xyzw from Firefox, which reports:

      Your connection is not secure. The owner of 192.168.0.1 has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

      and allows me to create an exception.

      I went to System / Certificate Manager / Certificates and see this:

      Name
webConfigurator default
CA: Yes, Server: No	

Issuer 
self-signed

Distinguished Name
emailAddress=Email Address, ST=Somewhere, OU=Organizational Unit Name (eg, section), O=CompanyName, L=Somecity, CN=Common Name (eg, YOUR name), C=US	
Valid From: [b]Wed, 13 Sep 2000 11:50:34 -0700[/b]
Valid Until: [b]Mon, 06 Mar 2006 10:50:34 -0800[/b]

In Use	
webConfigurator 
OpenVPN Server

      I'm assuming the expiry is the problem. This must be some sort of default certificate included with my original install, because I first started using pfsense far after 2006, so there's no way I could have created this cert.

      How do I edit or create a new certificate?

      Or how can I create a similar exception for Safari?

      And why does this work from https://mycompany.dyndns.org:xyzw but not from https://192.168.0.1:xyzw?

      Thanks!

      1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan
        last edited by

        Hi,

        You are aware that
        https://192.168.0.1:443
        is a dirty.
        https implies (it that is enforteced now) that you should use the domaine mane (that points to the IP 192.168.0.1) and this domaine name should be declared in the certifcate that the GUI uses …..
        Using an IP for https is ... well .... not good to start with.

        Example: my local domain is called "brit-hotel-fumel.net".
        My pfsense host anme is aclled "pfsense".
        I combined the two to pfsense.brit-hotel-fumel.net (and yes, I bought the domaine name brit-hotel-fumel.net on the Internet) so (example) startssl.com gave a a valid, signed and trused certificate.
        I installed the certificate on my pfsense and all is well.

        You can also use 'self made' certificates, you'll be seeing the message "can't trust that one" ones.
        Of course, using a certificate that dates from 2006 will never work Instruct pfSense to make a new one.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.