• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

How to : HTTPS to HTTP redirection from external web urls to internal web urls

Scheduled Pinned Locked Moved NAT
4 Posts 2 Posters 729 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • O
    omar72osm
    last edited by May 30, 2017, 9:03 AM May 30, 2017, 8:44 AM

    Hi.
    I generated the certificate as in the video (Configuring CA or Certificate Authority with your pFSense Firewall)  https://www.youtube.com/watch?v=vZpAIKJ9jyA  .

    I have an internal Web server in LAN which can be accessed as http://myWebServer, and hope to access it from WAN as https://myWebServer

    1 Reply Last reply Reply Quote 0
    • V
      viragomann
      last edited by May 30, 2017, 9:26 PM

      You cannot forward HTTPS to HTTP. The webserver has to be configured to listen on port 443 for HTTPS and use a proper certificate. Otherwise it won't provide the certificate to the browser, who is awaiting it.

      On the firewall just forward HTTPS (443) to the webserver.

      The CA and certificate shown in the video is only meant for private or internal purposes. Browsers won't trust it unless you install the CA's root cert on the computer.
      If you're providing the web page to users you don't know you should install a certificate signed by a public CA.

      1 Reply Last reply Reply Quote 0
      • O
        omar72osm
        last edited by May 30, 2017, 10:21 PM

        Thanks viragomann for your reply.
        As in the vedio, self signed certificate was generated, and based on that I deployed the certificate on my PC and was abled to login the pfsense as
        https://myPC-IP  .

        I tried to use this certificate to go more behind the pfSense, I mean to access my webserver in DMZ, as https://myPC-IP/myApplication
        I can access the webserver as http://myPC-IP/myApplication  through WAN or LAN.

        you mentioned in your reply to this sentence "On the firewall just forward HTTPS (443) to the webserver". I tried to do that but there was no way, I could not success.

        1 Reply Last reply Reply Quote 0
        • V
          viragomann
          last edited by May 30, 2017, 11:24 PM

          I think that video doesn't show what you try to achieve. The goal in the video is to deploy a trusted environment in an AD domain by installing the root CA's cert on the DC and rolling out a policy to trust it.

          To get a webserver work with HTTPS you need a pair of a private key and a public certificate.
          Most webservers provide a generator for a self signed cert, which is easier to install than that.
          But if you want, you may also install a cert generated by a CA on pfSense. However, you have also export the private key of the cert, either as separate file or as a p12 bundle, and install both on your webserver. How to do this, depends on the webserver type.

          1 Reply Last reply Reply Quote 0
          1 out of 4
          • First post
            1/4
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
            This community forum collects and processes your personal information.
            consent.not_received