Upgraded to 2.3.1-p5, now I can't login to from Safari b/c of Cert

  • Yesterday I used my 3 year old bookmark to log into to upgrade from 2.2.? to 2.3.1-ps. The upgrade seemed to go fine, but now I can no longer log into from Safari, which reports

    Safari can't open the page "" because Safari can't establish a secure connection to the server ""

    The port is correct, because I can log into https://mycompany.dyndns.org:xyzw from Safari.

    I tried from Firefox, which reports:

    Your connection is not secure. The owner of has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

    and allows me to create an exception.

    I went to System / Certificate Manager / Certificates and see this:

    webConfigurator default
    CA: Yes, Server: No	
    Distinguished Name
    emailAddress=Email Address, ST=Somewhere, OU=Organizational Unit Name (eg, section), O=CompanyName, L=Somecity, CN=Common Name (eg, YOUR name), C=US	
    Valid From: [b]Wed, 13 Sep 2000 11:50:34 -0700[/b]
    Valid Until: [b]Mon, 06 Mar 2006 10:50:34 -0800[/b]
    In Use	
    OpenVPN Server

    I'm assuming the expiry is the problem. This must be some sort of default certificate included with my original install, because I first started using pfsense far after 2006, so there's no way I could have created this cert.

    How do I edit or create a new certificate?

    Or how can I create a similar exception for Safari?

    And why does this work from https://mycompany.dyndns.org:xyzw but not from


  • Hi,

    You are aware that
    is a dirty.
    https implies (it that is enforteced now) that you should use the domaine mane (that points to the IP and this domaine name should be declared in the certifcate that the GUI uses …..
    Using an IP for https is ... well .... not good to start with.

    Example: my local domain is called "brit-hotel-fumel.net".
    My pfsense host anme is aclled "pfsense".
    I combined the two to pfsense.brit-hotel-fumel.net (and yes, I bought the domaine name brit-hotel-fumel.net on the Internet) so (example) startssl.com gave a a valid, signed and trused certificate.
    I installed the certificate on my pfsense and all is well.

    You can also use 'self made' certificates, you'll be seeing the message "can't trust that one" ones.
    Of course, using a certificate that dates from 2006 will never work Instruct pfSense to make a new one.