Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SSL Error on login page

    Scheduled Pinned Locked Moved Forum Feedback
    2 Posts 2 Posters 281 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • 1
      192.168.1.1
      last edited by stephenw10

      website forum login page (link removed) sometimes gives ssl error. chrome says this site not secure.

      GertjanG 1 Reply Last reply Reply Quote 0
      • stephenw10S stephenw10 moved this topic from Netgate Announcements on
      • GertjanG
        Gertjan @192.168.1.1
        last edited by Gertjan

        @192-168-1-1

        Your link : https://login.page/

        dfb64584-534f-45a6-ac43-3858045400dd-image.png

        I can't even 'login' over there.

        and who is chrome ?

        edit : ok, my last question was somewhat stupid.

        You probably see a message from your browser, telling you the connection isn't secured.
        Don't worry, you are connected to 'pfSense', that's the web server, just 'one cable' away, and not somewhere on the Internet.
        The connection is of course very secured. It's just that chrome doesn't know who signed the certificate use by the web server. It is a so called self signed certicate and not one known and trusted up front.

        Example :

        Goto https://www.google.com
        Your browser trusts the certificate from www.google.com.
        Why ?

        cd624967-df9f-426d-aaf6-8e39ddcca9a9-image.png

        because at the root of Google certificate you will find, at the at-most right side, "GlobalSign Root CA".
        And that one is present in your device (PC, Phone, etc) with several other (about 100 ?) CA certificates that are trusted "out of the box".

        To get a 'real' trusted certificate, you need to 'rent' a domain name first "like what-should-I-chose.tld" from a registrar (on the Internet). Then, for example, Letenscrypt can give you for free a signed, trusted certificate for that domain name.
        Then : install the obtained certificate into the pfSense Certificate store (see image below), assign the GUI with that certificate, and name your pfSense like this :

        8a23160f-65b0-4332-a990-55083531296f-image.png

        and then .... no more errors when visiting https://pfSense.what-should-I-chose.tld

        ( yeah, a bit daunting if you don't know how https access actually works - what is needed to make it work )

        You can : inform you browser that it shouldn't bother warning you about the fact that it doesn't 'trust' the certificate from pfSense when you visit https://192.168.1.1
        I'm not sure if that's still possible, though.

        If you can't make an exception, you have two options :
        Visit pfSense over http://192.168.1.1 - no more https, and live is easy.
        Or, (do what johnpoz already explained a zillion time, I'll locate one later on)
        Export the "pfSense WebGUI" CA certificate from here :

        4b7d45c2-94aa-4a0f-b9c2-8e0ee36bcf4a-image.png

        and import it into "chrome". From then on, chrome will trust the certificate used by https://192.168.1.1 or https://pfsense..... or whatever you have called your pfSense host name.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.