Unable to access web gui after renewing certificate
-
Several things to test:
Use another browser.
Read Troubleshooting Access when Locked Out of the Firewall.
@mikej47 said in Unable to access web gui after renewing certificate:
webConfigurator certificate was about to expire.
I've found: webConfigurator certificate expiring - or check the pfSense documentation.
-
@mikej47 I believe this is the one where you have to type "thisisunsafe" blind into the error page so Chrome will proceed.
Or try Firefox. ;)
-
@mikej47 this is most likely a browser issue, not liking that something changed with the cert.. Turn off HSTS (HTTP Strict-Transport-Security)
Not a chrome user, so look to what you have to do.
Are you trying to access it via http vs https?
normally uses encryption to protect your information
you could try resetting your lan IP, can just change it to what it currently is - but this should ask if you want to revert to just http on the gui.. Once you're in you can redo the https setup, etc
-
@SteveITS
Yes, I found when I type "thisisunsafe" in Chrome I am allowed through the warning and can log in. Do you know if there is a better fix for this besides using Firefox?
-
@johnpoz
It appears to be an issue with the cert and Chromium based browsers.
I can get past the warning in Chrome by typing "thisisunsafe".
It's tempting to try and do the whole https setup again but I have a feeling I will end up with the same issue, maybe not. I only use https, nothing unsecure.
I will try renewing the webconf cert in a lab vm and see if I get the same issue and play around with it.
-
@mikej47 John has a point, in System/Advanced/Admin try checking "Disable HTTP Strict Transport Security." If that's the issue you may need to delete your cache for the router "site" to get it to take effect. (or use incognito)
-
@mikej47 I don't get the issue in chrome, or any browser I use because I use a cert created with CA in pfsense and set chrome to trust my CA..
Cert also has rfc1918 san, and other names - so you can access it via different fqdn or IP even without browser having a hissy fit.
-
@johnpoz
Thank you for sharing.
Certs aren't my strong suit.
I don't see where I can export the root CA cert from my pfsense so I can install it and have it trusted.
-
@mikej47 you would create another CA, and then sign a cert.. You then export the CA and trust it in your browser..
here this old post of mine should give you the how to
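
The workflow described in the posts above (create a CA, sign the GUI certificate with it so that it carries an RFC 1918 IP and a name as SANs, then trust only the CA in the browser), reproduced in a lab with the openssl CLI. This is an added example, not part of the thread and not pfSense's own tooling; the hostname, IP address, CA name and file names are constructed placeholders.

```shell
#!/bin/sh
# Added example: private lab CA plus a GUI certificate carrying DNS and IP SANs.
# Hostname, IP address, CA name and file names are constructed placeholders.
set -e
WORK=$(mktemp -d)
GUI_DNS="fw.lab.example"   # assumed firewall FQDN
GUI_IP="192.168.1.1"       # assumed RFC 1918 LAN address

cat > "$WORK/openssl.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_gui]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$GUI_DNS,IP:$GUI_IP
EOF

make_ca() {   # self-signed root; ca.crt is the only file a browser has to trust
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -config "$WORK/openssl.cnf" -extensions v3_ca -subj "/CN=Lab Internal CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

make_gui_cert() {   # CSR for the GUI, signed by the lab CA with the SAN list
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -config "$WORK/openssl.cnf" -subj "/CN=$GUI_DNS" \
    -keyout "$WORK/gui.key" -out "$WORK/gui.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/gui.csr" -sha256 -days 397 \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -extfile "$WORK/openssl.cnf" -extensions v3_gui \
    -out "$WORK/gui.crt" 2>/dev/null
}

# True only if gui.crt chains to the lab CA.
chain_ok() { openssl verify -CAfile "$WORK/ca.crt" "$WORK/gui.crt" >/dev/null 2>&1; }

# True only if the address typed into the browser is in the SAN list.
covers_ip()   { openssl x509 -in "$WORK/gui.crt" -noout -checkip "$1" | grep -q "does match"; }
covers_host() { openssl x509 -in "$WORK/gui.crt" -noout -checkhost "$1" | grep -q "does match"; }

make_ca && make_gui_cert
chain_ok && covers_ip "$GUI_IP" && covers_host "$GUI_DNS" && echo "GUI cert OK"
```

Only `ca.crt` is imported into the browser or OS trust store; `ca.key` stays offline, since anyone holding it can issue certificates that browser will accept.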
-
@johnpoz Thank you!