Remove Default Certificate in certificate manager

  • Hi
    How can I remove the default certificate (by name: webConfigurator default) in pfSense?

  • Banned

    After selecting a different one for the WebGUI, perhaps.

  • Rebel Alliance Developer Netgate

    ^ that. Make sure it's not used anywhere for anything and then it can be deleted. If it doesn't have an icon to delete, it's still used somewhere.

  • Tnx,
    I created a new certificate and use it for the web GUI in Advanced, in the Admin Access tab, but pfSense signs my certificate with its own CA when using my certificate for the web GUI, so my browser shows me that the certificate issuer is pfSense. I don't want pfSense to sign it itself.

  • Rebel Alliance Developer Netgate

    If you have another certificate to use, import its CA and the certificate/key into the certificate manager, and then configure the GUI to use that certificate (System > Advanced, Admin Access tab)

    If you do not already have a certificate, look at the ACME package to easily obtain a free trusted certificate for your firewall:

  • LAYER 8 Global Moderator

    Or just trust your pfsense CA if you want the pretty green icon..

    You can then even use rfc1918 IPs as SAN so you get pretty icon via fqdn or any IPs you might hit your pfsense web gui on..

    When is the admin web gui accessed by mass of users.. The only people accessing pfsense web gui should be the admins of pfsense - so why would they not trust the CA of pfsense?  Really takes all of like 1 min to setup..  Using something like lets encrypt that has to be renewed every 90 days and requires use of registered domain and does not allow for rfc1918 san seems completely pointless and useless in such a use case..  The only point of using such a cert and ca would be if you need the unknown masses of users that might access the web site and automatically trust the CA.. That should never be the case in the pfsense web gui.. While if you trust your local CA you can use whatever freaking fqdn you want.. see mine is a local.lan and whatever IPs you might want for san, etc.

    And actually paying for a cert by a public/trusted cert would just be a waste of money.. time and effort all the way around..

    Trusting the pfsense CA now allows you to create certs that are trusted and the pretty green for all your appliances, servers any iot devices, etc. etc.  See trust my switch url, etc.  2nd pic. esxi host 3rd pic
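
The private-CA approach discussed in the thread, as an added example that is not part of any post: it uses the openssl command line instead of the pfSense Certificate Manager to issue a GUI certificate carrying both an FQDN and an RFC 1918 IP as SANs, then checks the chain and both SANs. The CA name, `pfsense.local.lan` and `192.168.1.1` are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: private CA plus a web GUI certificate with DNS and RFC 1918 IP SANs.
# All names and addresses are constructed sample values.
set -eu

make_gui_cert() {   # usage: make_gui_cert DIR FQDN IP
    dir=$1; fqdn=$2; ip=$3
    # Explicit config so the result does not depend on the system openssl.cnf.
    cat > "$dir/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Local CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
    # 1. Self-signed root: the only certificate an admin's browser has to trust.
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$dir/ca.cnf" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    # 2. Key and CSR for the GUI certificate.
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$dir/ca.cnf" \
        -subj "/CN=$fqdn" -keyout "$dir/gui.key" -out "$dir/gui.csr" 2>/dev/null
    # 3. Leaf extensions: server auth only, with the FQDN and the private IP as SANs.
    cat > "$dir/gui.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$fqdn, IP:$ip
EOF
    openssl x509 -req -in "$dir/gui.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 397 -sha256 -extfile "$dir/gui.ext" \
        -out "$dir/gui.crt" 2>/dev/null
}

check_gui_cert() {  # usage: check_gui_cert DIR FQDN IP; returns 0 only if every check passes
    dir=$1; fqdn=$2; ip=$3
    openssl verify -CAfile "$dir/ca.crt" "$dir/gui.crt" >/dev/null 2>&1 || return 1
    openssl x509 -in "$dir/gui.crt" -noout -checkhost "$fqdn" | grep -q "does match" || return 1
    openssl x509 -in "$dir/gui.crt" -noout -checkip "$ip" | grep -q "does match" || return 1
}

# Stand-alone demo in a throwaway directory.
work=$(mktemp -d)
make_gui_cert "$work" pfsense.local.lan 192.168.1.1
check_gui_cert "$work" pfsense.local.lan 192.168.1.1 && echo "chain and SANs OK"
rm -rf "$work"
```

Only `ca.crt` goes into the admins' trust stores; `ca.key` stays private, since whoever holds it can issue certificates those browsers will accept.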
