Certificate error
-
@the-other Warning: cert for this site is invalid
-
@Antibiotic What cert? The self-signed cert pfsense creates on its own, or one you created with your own CA?
-
-
That can't work because there's no way to add the CA cert to the client so it will accept it.
You need to create a CA in pfSense. Use that to create a new server cert to use for the webgui. Then import the CA cert into the client so it trusts the server cert.
-
@johnpoz I don't understand. Do I need to create an additional CA client cert and put it into Windows trust cert as well?
-
Windows needs the CA cert so that when it sees the server cert in pfSense created by that it will trust it.
-
@stephenw10 So, I need to delete the default pfsense web gui cert, create a new server and client cert, and put both into the Windows trust store?
-
Well I wouldn't delete the old webgui (server) cert before you created a new one! I don't think pfSense will allow you to do that.
Windows only needs the CA cert.
-
@stephenw10 I did, put client CA into Windows trusted store but not working(((
-
Same error?
I would expect that to work, so I would check that Windows has actually imported it correctly.
-
@stephenw10 Yes same error
-
https://forum.netgate.com/topic/187774/port-restriction-rule
-
@Antibiotic hm, strange...
I just imported my self-signed CA cert into my browser's certs (works for Firefox as well as Chromium under Ubuntu, even working for Androids).
With Ubuntu I just put my CA cert into my browser's cert place, with Android I imported into system. Both working... So, did you import the CA cert or a server cert done with that CA? You need the former... :)
-
@the-other I import CA client cert manually to trust store, but it's Windows machines
-
@Antibiotic said in Certificate error:
I import CA client cert
There is no 'CA client cert', there is just the CA cert. This:
-
Created 2 cert for server and client and put to windows trust store HomeCA
-
You exported the HomeCA cert from pfSense and imported it into Windows?
-
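The checks discussed above (is the exported file the CA cert itself rather than a server or user cert, and did Windows actually import it), as an added PowerShell example that is not from any poster in this thread. The file paths and the optional `-ServerFile` parameter are assumptions; run it from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
using namespace System.Security.Cryptography.X509Certificates
# Added example, not from the thread. Both file paths are assumptions.
param(
    [string]$CaFile = "$env:USERPROFILE\Downloads\HomeCA.crt",  # CA cert exported from pfSense
    [string]$ServerFile                                          # optional: exported webgui server cert
)

$ca = [X509Certificate2]::new((Resolve-Path $CaFile).Path)

# 1. The file must be the CA itself: basicConstraints has to say CA:TRUE.
$bc = $ca.Extensions | Where-Object { $_ -is [X509BasicConstraintsExtension] }
if (-not ($bc -and $bc.CertificateAuthority)) {
    throw "'$($ca.Subject)' is not a CA cert. Export the CA, not a server or user cert."
}
# A root CA is self-signed; an intermediate does not belong in the Root store.
if ($ca.Subject -ne $ca.Issuer) {
    throw "'$($ca.Subject)' is an intermediate CA issued by '$($ca.Issuer)'. Import its root instead."
}

# 2. Import into the machine-wide Trusted Root store.
Import-Certificate -FilePath $CaFile -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# 3. Confirm Windows really has it, matching on thumbprint rather than display name.
$inStore = Get-ChildItem Cert:\LocalMachine\Root | Where-Object Thumbprint -eq $ca.Thumbprint
if (-not $inStore) { throw "CA $($ca.Thumbprint) is not in LocalMachine\Root after import." }
"Trusted root present: $($ca.Subject) [$($ca.Thumbprint)]"

# 4. Optional: check that the webgui server cert chains to this CA.
if ($ServerFile) {
    $srv = [X509Certificate2]::new((Resolve-Path $ServerFile).Path)
    $chain = [X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck  # assumes the CA publishes no CRL
    $ok = $chain.Build($srv)
    $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    if ($ok -and $root.Thumbprint -eq $ca.Thumbprint) {
        "Server cert '$($srv.Subject)' chains to the imported CA."
    } else {
        "Server cert '$($srv.Subject)' does NOT chain to this CA:"
        $chain.ChainStatus | ForEach-Object { "  $($_.Status): $($_.StatusInformation.Trim())" }
    }
}
```
-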
@Antibiotic hey there,
to get rid of that warning, this works for me (and should in general):
Go to your own CA in pfsense, export its cert (second from the left symbol), save it in your downloads directory... (or as needed)
Then open your Firefox browser: go to settings > security > certificates, here press show certificates.
Then go to the tab certificate authorities, here press import. Import your saved CA cert. Close browser.
Start browser, go to your pfsense gui. If everything is done correctly the warning should be gone. Instead the lock symbol is showing a safe connection, moving the cursor on it should show something like "certified by YOUR CA NAME".
Delete that CA cert from your pc. Your browser should now know (and trust) pfsense's webserver cert, since it knows the CA (imported certificate)...
-
@stephenw10 yes
-
@Antibiotic here is a walk-through I did back in 2019