HTTPS User Auth w/ Captive Portal



  • Hello all,

    I am looking for someone who can just help me out.  I have a few "rogue" neighbors who are trying to guess passwords and user names on my captive portal.  I would like to secure it, but haven't done anything besides the creation of the https for the configuration of the pfSense itself.  I am not sure what's supposed to go where in the configuration.  I am using 2.0, but if I remember correctly, the config is the same for any captive portal use (1.2.3 or 2.0).  I would like to use a non-self-signed cert for the web login (like one of the ones you can get from Comodo or somewhere else [suggestions welcome]), but if it is easier with a self-signed one, so be it.  I am pretty much a little kid when it comes to understanding certs (it all goes over my head on what does what, no matter what I read).  If someone would be so nice as to write up a how-to for me, that would be super awesome.

    Thank you everyone for your support!  :D



  • Here's a rough how-to. If you need other info (screenshots, etc.), let me know:

    On the advanced page (https://pfSenseip/system_advanced.php), go to the webGUI SSL certificate/key section, click create certificates automatically, fill out the form, and click save. The certificate and key fields will be filled in. Copy those to the certificate/key fields on the captive portal page, close the advanced page without clicking save, then click save on the captive portal page.

    Another option is to use startssl.com; they provide free single-host SSL certs.



  • I run a captive portal with HTTPS auth that handles about 150 concurrent users on version 1.2.3.  If you can get it to run in 2.0 I would recommend it only because most certificate authorities use intermediate certs that you would need to put in the chained certs field.  In my case that meant patching the GUI because the webserver supports it but the GUI did not.  If you can't use 2.0, here's the link for the patch.

    http://forum.pfsense.org/index.php?topic=10888.0

    Worked great, now I can use the Comodo wildcard cert we bought for our domain.  Good luck.
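
A pre-flight check for what goes into the certificate, key and chained certs fields discussed in the replies above, as an added example that is not part of the original posts: it confirms the private key belongs to the certificate and shows that the leaf only validates once the intermediate is supplied. The PKI is constructed test data, the function names are hypothetical, and it assumes the `openssl` CLI (1.1.1 or later) is installed.

```shell
#!/bin/sh
# Added example; every key and certificate here is constructed throwaway test data.

# Build root CA -> intermediate CA -> portal leaf certificate in directory $1.
make_test_pki() {
  d=$1
  printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n[leaf]\nbasicConstraints=CA:FALSE\n' > "$d/cfg"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/cfg" -extensions ca \
    -subj "/CN=Example Root CA" -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null || return 1
  for n in inter leaf; do
    openssl req -new -newkey rsa:2048 -nodes -config "$d/cfg" -subj "/CN=example-$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
  done
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.crt" -CAkey "$d/root.key" -set_serial 2 \
    -days 2 -extfile "$d/cfg" -extensions ca -out "$d/inter.crt" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.crt" -CAkey "$d/inter.key" -set_serial 3 \
    -days 2 -extfile "$d/cfg" -extensions leaf -out "$d/leaf.crt" 2>/dev/null
}

# True if private key $2 belongs to certificate $1 (identical public key).
key_matches_cert() {
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# True if leaf $2 verifies up to root $1; $3 is the optional chained-certs file.
chain_verifies() {
  if [ -n "$3" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>/dev/null | grep -q ': OK$'
  else
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
  fi
}

# Demo on the constructed PKI (mktemp -d creates a directory only the owner can read).
tmp=$(mktemp -d) && make_test_pki "$tmp" || exit 1
trap 'rm -rf "$tmp"' EXIT
key_matches_cert "$tmp/leaf.crt" "$tmp/leaf.key" && echo "key matches certificate"
chain_verifies "$tmp/root.crt" "$tmp/leaf.crt" || echo "leaf alone: chain incomplete"
chain_verifies "$tmp/root.crt" "$tmp/leaf.crt" "$tmp/inter.crt" && echo "with intermediate: OK"
```

For a real portal, call the two check functions with the CA's root, the issued certificate and key, and the intermediate bundle supplied by the CA.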

