webGUI & Client Certificate Authenticate


  • Hello all! Was wondering if it's possible to add client certificate authentication to nginx in pfSense? Or if it's something the devs are looking at implementing at some point in the future? Thanks!


  • @jsm03913 It already has the option to assign a dedicated LAN type port that accepts access to the GUI : all other LAN ports should have the GUI access firewall blocked.
    On the permitted LAN port, only accept access from one IP.
    Do not put this LAN port on a switch, use a direct-cable access.
    Lock down the device in a locker.
    Use a strong password.
    At that moment, access is already heavily secured.
    And you want more ? ;)
    Feel free to drop in a feature request https://redmine.pfsense.org/projects/pfsense/issues?set_filter=1&tracker_id=2


  • I am using a virtual pfSense box, so this is not an option. And yes - using client certificates is far more secure than using a username and password combination. That way, I also don't have to physically wired to the pfSense box, even if it wasn't virtual.

    I'll look at submitting a feature request. Thanks!