Admin access on HTTPS

ixu1 · Jan 2, 2020, 1:38 PM

pfs 2.44 release p3

Hello,

Why i can't use https on my pfsense webui ?

Alternate hostname is note valid hsotname ..

Best regards

JF

PS: it's fraich install

jimp · Jan 2, 2020, 1:53 PM

It isn't the HTTPS option to blame there.

What do you have in the Alternate Hostnames box on that page?

johnpoz · Jan 2, 2020, 2:07 PM

Exactly - what do you have in the alternative name box farther down the page

Here is where its at

ixu1 · Jan 2, 2020, 2:19 PM

wahoo , I'm confused

it works!

Thank you so much.

johnpoz · Jan 2, 2020, 2:47 PM

Confused about what? What did you have in that box?

ixu1 · Jan 2, 2020, 3:00 PM

an IP !

Gertjan · Jan 2, 2020, 3:02 PM

An IP isn't really a host name ;)

ixu1 · Jan 2, 2020, 3:03 PM

@Gertjan
that's why I'm confused

Gertjan · Jan 2, 2020, 3:10 PM

@ixu1 said in Admin access on HTTPS:

that's why I'm confused

Note this one down some where : a name is not a number.

Btw : these alternate host name must also be part of your certificate !
It's true that some cert authorities accept that you put into your cert alternate host names real IP's like "192.168.1.1". That way, you can access your pfSense like
https://192.168.1.1

( and think about an IPv6 while you're ordering your cert ^^ )

Note that LetsEncrypts (used by the acme package - or by your own methods) doesn't allow that.

johnpoz · Jan 2, 2020, 5:06 PM

Yeah that alternate name is not the same as SAN in the cert.. That is so you don't get rebind or http_referer problems..

IP would not be valid there ever..

If you want to do rfc1918 IP in your cert, you would have to have your own local CA sign the cert. There is no public CA that would sign a cert with rfc1918 IPs in them..

I use san for my rfc1918 address in my web gui.. Where did you get that cert? From a public CA, or did you create the cert with CA you have running on pfsense?