webConfigurator: Using my own CA is not working...

nasheayahu

I have a valid CA from,

Verified by: RapidSSL TLS RSA CA G1
Expires: 10/03/2024

but have no success in getting it to work, I keep getting the Warning: Potential Security Risk Ahead. What other setting(s) am I missing?

johnpoz

@nasheayahu said in webConfigurator: Using my own CA is not working...:

Warning: Potential Security Risk Ahead

And when you look at the details what does it say is the reason?

nasheayahu

@johnpoz said in webConfigurator: Using my own CA is not working...:

And when you look at the details what does it say is the reason?

Morning, I get this in the browser,

Firefox detected a potential security threat and did not continue to pfxxxx.xxxx.com. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.

In viewing the one firefox has, which is showing a non-wildcard cert, and its not the one I imported into pfSense,

This is the one I imported,

How do I clear this conflict?

SteveITS

@nasheayahu You mention it's a CA, which would be very rare (a CA is used to create valid public certs), but then show the Certificates page...is it just a normal cert? (though, a wildcard)

You do have to include any intermediate cert in the "Certificate data" field, could that be the issue?

Overall there is no issue using a public wildcard cert in pfSense, we've done it.

johnpoz

@nasheayahu those are clearly not the same certs..

It's difficult to help spot mistakes when you have everything obfuscated.. Might be able to clearly spot what your over looking, but when when can't see what looking at in the first place..

Clearly you have the wrong cert assigned to your web gui, or maybe you didn't restart the gui?

When you hit the gui its presenting you a non wildcard cert.. But pfsense can only present what you told it to present.

@SteveITS he is just confused on terminology is all.. He meant to say he has a cert from a public CA that is trusted by default.

nasheayahu

@johnpoz said in webConfigurator: Using my own CA is not working...:

It's difficult to help spot mistakes when you have everything obfuscated

Both firefox and pfsense doman name are correct, except pfsense has the wild card as shown above in the pfSense GUI photos. pfSense wildcard cert data matches the wildcard cert in the image just above.

However, I just reboot pfSense and now its working. Is this something I'm going to have to do every time I add or make changes to the cert (Hope not) and should I report this as a possible bug? Because, It did not do this in the previous versions.

Currently Using:
pfSense CE
2.7.1-RELEASE (amd64)
built on Wed Nov 15 10:06:00 MST 2023
FreeBSD 14.0-CURRENT

johnpoz

@nasheayahu you would have to restart the gui most likely but not all of pfsense.

Off top of head not sure if way to do it from gui, I would think so but you can always restart from the console menu, option 11

nasheayahu

@johnpoz said in webConfigurator: Using my own CA is not working...:

I would think so but you can always restart from the console menu, option 11

I forgot about that...., thanks for your help!....