Text only | Text with Images

OPNsense Forum

English Forums => Zenarmor (Sensei) => Topic started by: almodovaris on October 28, 2022, 05:22:30 AM

Title: TLS blocking page
Post by: almodovaris on October 28, 2022, 05:22:30 AM
I have enabled TLS blocking page (beta). How do I trust its certificate upon client PCs?

The certificate from /usr/local/opnsense/www/devServer/ says it's for localhost.

Also tried the certificates from /usr/local/sensei/cert/

I have found something about it at https://stackoverflow.com/questions/59738140/why-is-firefox-not-trusting-my-self-signed-certificate
Title: Re: TLS blocking page
Post by: Phiolin on November 01, 2022, 09:03:58 PM
You should be able to download the root certificate with practically every modern browser.

That said, it'd be cool if we could configure Zenarmor to use an existing OPNsense CA to generate the certificates instead of using its own internal CA.
Title: Re: TLS blocking page
Post by: almodovaris on November 02, 2022, 06:47:48 AM
Error code: MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY
Title: Re: TLS blocking page
Post by: sy on November 03, 2022, 08:59:14 AM
Hi,

It will be changed to use OPNsense's CA for the next release, most probably 1.13.
Text only | Text with Images