Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    CP HTTPS without red page

    Captive Portal
    4
    10
    1030
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rovshango last edited by

      Hi,

      Is it possible configure CP with HTTPS but not to get RED PAGE (HTTPS CERT etc.) ?

      Thanks

      1 Reply Last reply Reply Quote 0
      • Gertjan
        Gertjan last edited by

        Hi,

        What is a red page ?

        I guess you mean that you use a self-signed certificate when you activated the "https" on your portal.
        That isn't a great idea, knowing that real certificates exists, and you can get them for free.

        No "help me" PM's please. Use the forum.

        1 Reply Last reply Reply Quote 0
        • K
          kejianshi last edited by

          Nothing at all is wrong with self signed certs - But the people who sell them and make web browsers would like you to think there is.

          There is no money in a self signed cert…

          1 Reply Last reply Reply Quote 0
          • R
            rovshango last edited by

            Hi and thanks for replies,

            To be more clear I will explain my question detailed:

            I did some interface changes in CP Login page, so when user tries open any URL pfSense directs it to CP login page (http://IP_ADDRESS:8000/bla-bla)
            Then user prompt its username/password etc.

            But when I do enable HTTPS login option for CP it directs to HTTPS login page (http://IP_ADDRESS:8001/bla-bla) and client gets certification notification (see attachment as example)
            But ignoring/accepting it user then again can prompt username/password and go on surfing web

            So I am asking is it possible enable HTTPS login and do not get notification page ?

            Thanks


            1 Reply Last reply Reply Quote 0
            • K
              kejianshi last edited by

              You would have to replace your self signed cert in CP with a signed cert which can be cheap or perhaps free - I'd put my money on $9 - $19 or so with digicert or someone like that.

              If you get a signed cert to avoid those warning pages, you will want one that appears in the trusted roots for all the various OSes / Browsers.

              1 Reply Last reply Reply Quote 0
              • R
                rovshango last edited by

                Sorry but I didn't get it

                you will want one that appears in the trusted roots for all the various OSes / Browsers.

                1 Reply Last reply Reply Quote 0
                • K
                  kejianshi last edited by

                  Not every signed cert is universally recognized by all browsers, so try to pick one that is.
                  It depends if the root cert authority is in the list for the browser being used.

                  A reliable company will be widely recognized - Others may not be.

                  1 Reply Last reply Reply Quote 0
                  • R
                    rovshango last edited by

                    OK then I will get cert from digicert and test it
                    Thanks

                    1 Reply Last reply Reply Quote 0
                    • Derelict
                      Derelict LAYER 8 Netgate last edited by

                      Don't waste your money if you're thinking it'll stop all cert errors.

                      https://forum.pfsense.org/index.php?topic=85423.msg470634#msg470634

                      Chattanooga, Tennessee, USA
                      The pfSense Book is free of charge!
                      DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      1 Reply Last reply Reply Quote 0
                      • K
                        kejianshi last edited by

                        Yes - I see your point.
                        For them to go no cert error connecting to your network, your network address would have to be the url they entered in the address bar.
                        Go figure the odds.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post