Webgui from outside https problem



  • Wanted to have a possibility to reach the webgui from outside via https, but no success.

    Testing with http works great. Even redirecting the port from 12345 to http.

    But when testing https, no luck. In the system-log I see the attempt as allowed, but no data goes to the external browser.
    Tested with "Anti-lockout-rule" enabled and disabled. Same behaviour.

    :-(



  • Tested with firefox from outside and got this error:

    sec_error_reused_issuer_and_serial (Same serial of cert issued from same issuer.) I wasn't able to connect to my box. IE only shows "No connect possible, maybe wrong typo".

    So I created both, CA and cert new, without luck. Same error. What can I do?

    Cert and CA are created with the real DNS-name, from which the box and my net is reacheable. Anyone has the same issue or can tell me what to do? Thanks much.

    PS: Time and date are set right on the box.
    Found this site m,entioning the error:
    http://blog.johnath.com/2008/08/05/ssl-question-corner/

    So now is it my fault, firefox fault, IE fault (per se), or whatever? Is there anyone who can clear this a bit up??????
    Thanks again!

    Second addition: Created a new cert, a time after creating the CA: Now the error is different, stating that "CA is not created by a trusted authority", so now I can finally get access to my box. THIS is weird!
    Maybe this helps others too.



  • There is a problem with certificate generation for HTTPS.

    http://redmine.pfsense.org/issues/show/161



  • Oups.. I've crashed my pfSense webadmin service with this bug..

    Is there any way to solve the issue and access the system without re-installing pfSense at all?

    I've an access to console, if it may help.

    Please, help!



  • Yes: Revert to http on console, delete your Cert when you access via http, wait some minutes and create the cert new. Then revert back to https. That worked for me.



  • @_igor_:

    Yes: Revert to http on console, delete your Cert when you access via http, wait some minutes and create the cert new. Then revert back to https. That worked for me.

    Thanks, Igor, will try..


Log in to reply