ssl issue - no gui

Koby Peleg Hen · May 28, 2022, 5:14 PM

Hello Guy ,
My Pf Ver 2.6 has an trusted ssl cert and it is about to expire.
I tried to UPDATE the current ssl with new primary + cert and save it. Looks fine, it does show the right detail (begin time , end time etc) at the cert manager on pf.
But when I check the browser it is still show the old one.
After booting there is no gui , but i figure out that there is an ssh access so I did that and run "netstat" no service is listening to port 443\80.
I Did Restore from console and the gui working fine again.

Trying again , this time I Create NEW ssl and set the https to use it ==> after reboot as previous no gui ....

Any advice , my ssl is going to expire soon...

Koby Peleg Hen

johnpoz · May 28, 2022, 5:59 PM

@koby-peleg-hen said in ssl issue - no gui:

I tried to UPDATE the current ssl with new primary + cert and save it.

If you have a new cert to use for the gui - where did it come from? Did you create it in the cert manager - you got it from some other CA?

If you got it from somewhere you would import the cert and key.. And then change the gui to use that cert.

Koby Peleg Hen · May 28, 2022, 6:11 PM

@johnpoz said in ssl issue - no gui:

Hello johnpoz ,
This is exactly what i meant.
I did Import a Private Key + Cert from Sectigo RSA.

Best regards
Koby Peleg Hen

johnpoz · May 28, 2022, 7:47 PM

@koby-peleg-hen well you do you - but I never got why anyone would ever do this.. Did you get it free - if so I could attempt to use one of their certs. Looks like not single domain 78$ for six years.

For starters I don't ever see using an actual public domain on my pfsense gui? I own multiple domains, don't use any of them internally.. Pointless to do so.. I use local.lan - but at some point will switch over to home.arpa for local domain.

But if did want to use public - why not just use free ACME cert?

So did you create the CSR and have them sign it? How exactly did you go about getting the cert and key..

Without some actual details, going to be impossible to help figure out what is wrong. What does the log say? You can setup pfsense to allow both http and https access - so even if the gui doesn't like the cert for some reason, the gui should be available just over http so you can see the log, etc.