Remove Default Certificate in certificate manager

mohsen.abbaspour2012 · Apr 4, 2017, 10:28 AM

Hi
How can I remove the Default certificate ( by name : webConfigurator default ) in pfsense
Tnx

doktornotor · Apr 4, 2017, 11:54 AM

After selecting a different one for the WebGUI, perhaps.

jimp · Apr 4, 2017, 1:19 PM

^ that. Make sure it's not used anywhere for anything and then it can be deleted. If it doesn't have an icon to delete, it's still used somewhere.

mohsen.abbaspour2012 · Apr 5, 2017, 12:05 PM

Tnx ,
I create new Certificate and use it for web GUI in Advnaced in Admin Access tab , but the pfsense sign my certificate by self CA when using my certificate for web GUI so my Browser show to me the Certificate Issuer is pfsense , i dont want pfsense sign self.

jimp · Apr 5, 2017, 12:15 PM

If you have another certificate to use, import its CA and the certificate/key into the certificate manager, and then configure the GUI to use that certificate (System > Advanced, Admin Access tab)

If you do not already have a certificate, look at the ACME package to easily obtain a free trusted certificate for your firewall: https://doc.pfsense.org/index.php/ACME_package

johnpoz · Apr 9, 2017, 1:08 PM

Or just trust your pfsense CA if you want the pretty green icon..

You can then even use rfc1918 IPs as SAN so you get pretty icon via fqdn or any IPs you might hit your pfsense web gui on..

When is the admin web gui accessed by mass of users.. The only people accessing pfsense web gui should be the admins of pfsense - so why would they not trust the CA of pfsense? Really takes all of like 1 min to setup.. Using something like lets encrypt that has to be renewed ever 90 days and requires use of registered domain and does not allow for rfc1918 san seems completely pointeless and useless in such a use case.. The only point of using such a cert and ca would be if you need the unknown masses of users that might access the web site and automatically trust the CA.. That should never be the case in the pfsense web gui.. While if you trust your local CA you can use whatever freaking fqdn you want.. see mine is a local.lan and whatever IPs you might want for san, etc.

And actually paying for a cert by a public/trusted cert would just be a waste of money.. time and effort all the way around..

Trusting the pfsense Ca now allows you to create certs that are trusted and the pretty green for all your appliances, servers any iot devices, etc. etc. See trust my switch url, etc. 2nd pic. esxi host 3rd pic