OPNsense Forum

Archive => 16.7 Legacy Series => Topic started by: Julien on July 09, 2016, 03:59:45 pm

Title: [SOLVED] web interface SSL
Post by: Julien on July 09, 2016, 03:59:45 pm

Hi Guys,
is it possible to create a trusted certificate with the firewall FQDN on it ?
so when the users go to the http://FQDN or https://FQDN will be secure signed.

thank you

Title: Re: web interface SSL
Post by: bartjsmit on July 10, 2016, 06:30:12 pm

Yes, I use a StartSSL certificate for the FQDN. https://www.startssl.com/

Bart...

Title: Re: web interface SSL
Post by: Julien on July 11, 2016, 01:30:28 am

Thank you for your answer Jan,
the firewall is not facing the internet, and the access to the firewall is always over the LAN or VPN.
using the self sign certificate gonna be a issue for the security ?

Title: Re: web interface SSL
Post by: bartjsmit on July 11, 2016, 10:56:20 am

No security risk at all, just a hassle with having to distribute the certificate to all internal clients or having your users click through warnings - which is a bad precedent.

StartSSL will verify that you own the domain through a web page or through email (e.g. hostmaster@firewall.domain). That means that you must control a website or MX record to get the cert.

Bart...

Title: Re: [SOLVED] web interface SSL
Post by: Julien on July 12, 2016, 07:21:27 am

thank you bart,
we know starts already using it for our exchange.
a big thank you man