DNS settings for use with a free StartSSL certificate



  • Hi Guys,

    I'd like to set up my pfsense box with a valid certificate so that captive portal users don't get a scary message.

    I own a .co.uk domain and have set firewall.mydomain.co.uk to the external IP address of my ADSL router. My ADSL router assigns a 192.168.1.0/24 address to the WAN interface of my pfsense box.

    I'll be obtaining and importing a free StartSSL.com certificate for firewall.mydomain.co.uk shortly (DNS propagation in progress).

    Are the following settings correct:

    System > General Setup
    Hostname: firewall
    Domain: mydomain.co.uk

    Services > DHCP Server
    Domain name: lan

    Services > DNS Forwarder
    Host Override: firewall.mydomain.co.uk -> 10.1.1.1 (my pfsense box's LAN IP)

    With the above settings, if a user is taken to the captive portal login page at firewall.mydomain.co.uk, will they get a certificate warning from the browser?

    Many thanks in advance!


Log in to reply