pfSense Cert Creation - Alternate Names?



  • Hello, all!

    I've had issues with cert errors ever since I set up transparent HTTPS filtering on pfSense, so I'm going back through and blowing everything away, and re-generating CAs and certs to do it up right.

    Anyway, after creating the CA, I've created a cert to be used for the webgui. I would like to be able to access the webgui and not get a cert error if the CA is installed on a computer.

    I've got it working if I enter the FQDN as the address, but am unable to get it working with IP addresses. For example, if on VLAN 1 the interface IP address is 192.168.1.1, I would like to be able to enter that without getting a cert error.

    I've entered all of the IP addresses under the "Alternative Names" area, specifying the "Type" as "IP."

    Upon getting the cert error, it tells me that the cert is for a different domain. I go into the cert's properties, and it mentions all the IP addresses that I specified under "Subject" in the following manner:
    Certificate Subject Alt Name = "IP:192.168.1.1,IP:192.168.2.1,IP:192.168.3.1,IP:192.168.4.1,IP:192.168.5.1"

    Am I missing something here?

    Thanks!
    ElectroPulse



  • Upon further searching, it appears that it is not actually a fully-implemented feature… https://forum.pfsense.org/index.php?topic=68512.0

    Any recommendations of how I could use an already-created CA to generate a certificate with some other cert-creating software? (or via command line in pfSense)
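
One way to do what the post above asks with the OpenSSL command line, as an added example that is not part of the original thread: it signs a new server certificate with an existing CA and puts the interface IPs into the subjectAltName extension, then checks that an IP actually matches. It assumes the CA certificate and private key are available as PEM files; the file names, the hostname `fw.example.lan` and the throwaway demo CA are constructed for illustration.

```shell
#!/bin/sh
# Added example. File names and fw.example.lan are assumptions.

# issue_cert CA_CERT CA_KEY OUT_DIR CN SAN_LIST
# SAN_LIST uses OpenSSL syntax: "DNS:fw.example.lan,IP:192.168.1.1"
issue_cert() {
    ca_cert=$1; ca_key=$2; out=$3; cn=$4; san=$5
    # Extensions for a TLS server cert; IP: entries become iPAddress SANs.
    cat > "$out/server.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = $san
EOF
    # New private key and CSR for the web GUI.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
        -keyout "$out/server.key" -out "$out/server.csr" 2>/dev/null || return 1
    # Sign the CSR with the existing CA, applying the extensions above.
    openssl x509 -req -in "$out/server.csr" -CA "$ca_cert" -CAkey "$ca_key" \
        -CAcreateserial -days 365 -sha256 -extfile "$out/server.ext" \
        -out "$out/server.crt" 2>/dev/null
}

# Print the SAN line of a certificate as OpenSSL decodes it.
show_san() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}

# check_ip CA_CERT CERT IP: succeeds only if the chain verifies
# and the IP matches one of the certificate's SAN entries.
check_ip() {
    openssl verify -CAfile "$1" -verify_ip "$3" "$2" >/dev/null 2>&1
}

# Constructed throwaway CA, standing in for the real CA cert and key.
make_demo_ca() {
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo CA" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_ca "$demo"
issue_cert "$demo/ca.crt" "$demo/ca.key" "$demo" fw.example.lan \
    "DNS:fw.example.lan,IP:192.168.1.1,IP:192.168.2.1"
show_san "$demo/server.crt"
check_ip "$demo/ca.crt" "$demo/server.crt" 192.168.1.1 && echo "192.168.1.1 accepted"
rm -rf "$demo"
```

To use it with a real CA, skip `make_demo_ca` and pass the paths of the existing CA certificate and key to `issue_cert`; keep the CA key off the firewall's web-facing paths and delete working copies afterwards.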

