Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
Let´s Encrypt Cert for the OPNSense Webgui itself ?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Let´s Encrypt Cert for the OPNSense Webgui itself ? (Read 7117 times)
BeNe
Full Member
Posts: 113
Karma: 13
Use *BSD and feel free!
Let´s Encrypt Cert for the OPNSense Webgui itself ?
«
on:
February 11, 2018, 08:02:20 pm »
Hello OPNsense Folks,
can i use the Let´s Encrypt Plugin to generate a valid SSL Cert for the OPNSense WebGUI itself ?
As far is know i can use HA-Proxy and the Let´s Encrypt Plugin to generate a Cert for Web-Services behind the Firewall, but not for the Firewall itself.
My Firwall has a external static dns entry.
Is there an option ?
Thanks!
Logged
elektroinside
Hero Member
Posts: 574
Karma: 51
Re: Let´s Encrypt Cert for the OPNSense Webgui itself ?
«
Reply #1 on:
February 11, 2018, 08:40:39 pm »
You can use any certificate (including Let's Encrypt) for anything that uses certificates of such, including the GUI.
Generate one according to your external hostname (make sure your hostname points to your OPNsense box) and load it in System: Settings: Administration: SSL Certificate.
Mind you that the plugin is still outdated and it won't work, needs a refresh which supposedly will be ready soon.
More info about the issue here:
https://forum.opnsense.org/index.php?topic=7139
«
Last Edit: February 11, 2018, 08:48:13 pm by elektroinside
»
Logged
OPNsense v18
| HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s
Team Rebellion Member
BeNe
Full Member
Posts: 113
Karma: 13
Use *BSD and feel free!
Re: Let´s Encrypt Cert for the OPNSense Webgui itself ?
«
Reply #2 on:
February 11, 2018, 10:30:54 pm »
Hi elektroinside,
thank you for your answer
Will the Let´s encrypt plugin (if it is fixed) - also update/renew the Let´s encrypt Certificate for the WebGUI ?
«
Last Edit: February 11, 2018, 10:42:33 pm by BeNe
»
Logged
elektroinside
Hero Member
Posts: 574
Karma: 51
Re: Let´s Encrypt Cert for the OPNSense Webgui itself ?
«
Reply #3 on:
February 11, 2018, 10:56:20 pm »
The plugin "generates" a certificate that is signed by a trusted certificate authority called "Let's Encrypt".
This plugin only "generates" signed certificates by this CA. It is of your choice where are you going to install the cert and for what services (you can export them and use it for something else if you wish). If you choose to use it for the WebGUI (setting the option I mentioned before), then the web server behind the WebGUI will also use it, as it is using the same cert (by name), located in the same path of your OPNsense box.
More simply put: running the plugin will result in some files, saved somewhere on the HDD. Those files will be read by some services, including the web server ()if configured) and pushed towards the connected clients. The browser verifies it, validates it, and you get to have a connection trusted by the browser. Rerunning the plugin will result in files with the same name but different content (overwritten).
Anyway, the short answer is
yes
«
Last Edit: February 11, 2018, 11:13:13 pm by elektroinside
»
Logged
OPNsense v18
| HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s
Team Rebellion Member
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
18.1 Legacy Series
»
Let´s Encrypt Cert for the OPNSense Webgui itself ?