Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Remove Default Certificate in certificate manager

    webGUI
    4
    6
    4479
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mohsen.abbaspour2012 last edited by

      Hi
      How can I  remove  the Default certificate  (  by name : webConfigurator default  )  in pfsense
      Tnx

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned last edited by

        After selecting a different one for the WebGUI, perhaps.

        1 Reply Last reply Reply Quote 0
        • jimp
          jimp Rebel Alliance Developer Netgate last edited by

          ^ that. Make sure it's not used anywhere for anything and then it can be deleted. If it doesn't have an icon to delete, it's still used somewhere.

          1 Reply Last reply Reply Quote 0
          • M
            mohsen.abbaspour2012 last edited by

            Tnx ,
            I create  new  Certificate and    use  it for web GUI  in Advnaced  in Admin Access tab  , but  the pfsense sign my certificate by self CA  when using my certificate  for web GUI  so my Browser  show to me  the Certificate Issuer is  pfsense  , i dont want  pfsense  sign self.

            1 Reply Last reply Reply Quote 0
            • jimp
              jimp Rebel Alliance Developer Netgate last edited by

              If you have another certificate to use, import its CA and the certificate/key into the certificate manager, and then configure the GUI to use that certificate (System > Advanced, Admin Access tab)

              If you do not already have a certificate, look at the ACME package to easily obtain a free trusted certificate for your firewall: https://doc.pfsense.org/index.php/ACME_package

              1 Reply Last reply Reply Quote 0
              • johnpoz
                johnpoz LAYER 8 Global Moderator last edited by

                Or just trust your pfsense CA if you want the pretty green icon..

                You can then even use rfc1918 IPs as SAN so you get pretty icon via fqdn or any IPs you might hit your pfsense web gui on..

                When is the admin web gui accessed by mass of users.. The only people accessing pfsense web gui should be the admins of pfsense - so why would they not trust the CA of pfsense?  Really takes all of like 1 min to setup..  Using something like lets encrypt that has to be renewed ever 90 days and requires use of registered domain and does not allow for rfc1918 san seems completely pointeless and useless in such a use case..  The only point of using such a cert and ca would be if you need the unknown masses of users that might access the web site and automatically trust the CA.. That should never be the case in the pfsense web gui.. While if you trust your local CA you can use whatever freaking fqdn you want.. see mine is a local.lan and whatever IPs you might want for san, etc.

                And actually paying for a cert by a public/trusted cert would just be a waste of money.. time and effort all the way around..

                Trusting the pfsense Ca now allows you to create certs that are trusted and the pretty green for all your appliances, servers any iot devices, etc. etc.  See trust my switch url, etc.  2nd pic. esxi host 3rd pic






                1 Reply Last reply Reply Quote 0
                • First post
                  Last post

                Products

                • Platform Overview
                • TNSR
                • pfSense Plus
                • Appliances

                Services

                • Training
                • Professional Services

                Support

                • Subscription Plans
                • Contact Support
                • Product Lifecycle
                • Documentation

                News

                • Media Coverage
                • Press
                • Events

                Resources

                • Blog
                • FAQ
                • Find a Partner
                • Resource Library
                • Security Information

                Company

                • About Us
                • Careers
                • Partners
                • Contact Us
                • Legal
                Our Mission

                We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                Subscribe to our Newsletter

                Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                © 2021 Rubicon Communications, LLC | Privacy Policy