OPNsense Forum
Archive => 16.7 Legacy Series => Topic started by: Julien on July 09, 2016, 03:59:45 pm
-
Hi Guys,
is it possible to create a trusted certificate with the firewall FQDN on it ?
so when the users go to the http://FQDN or https://FQDN will be secure signed.
thank you
-
Yes, I use a StartSSL certificate for the FQDN. https://www.startssl.com/
Bart...
-
Thank you for your answer Jan,
the firewall is not facing the internet, and the access to the firewall is always over the LAN or VPN.
using the self sign certificate gonna be a issue for the security ?
-
No security risk at all, just a hassle with having to distribute the certificate to all internal clients or having your users click through warnings - which is a bad precedent.
StartSSL will verify that you own the domain through a web page or through email (e.g. hostmaster@firewall.domain). That means that you must control a website or MX record to get the cert.
Bart...
-
thank you bart,
we know starts already using it for our exchange.
a big thank you man