OPNsense Forum

English Forums => Tutorials and FAQs => Topic started by: guest24551 on May 23, 2020, 10:21:35 am

Title: opnsense ssl error: PR_END_OF_FILE_ERROR - breaks the whole internet connection
Post by: guest24551 on May 23, 2020, 10:21:35 am
Hello,

I try to accomplish a secure connection to my opnsense dashboard, but unfortunately enabling the new webgui cert breaks the whole Internet. I can't access the dashboard nor can I google what the problem is. Even the "deactivate http redirection" rule isn't working. I always have to restore from backup to have internet again.
I made every step as it is described here:
https://docs.opnsense.org/manual/how-tos/self-signed-chain.html
After multiple failures I tried it this way, but with the same error ...
https://www.thomas-krenn.com/de/wiki/Selbstsignierte_SSL_Zertifkate_mit_OPNsense_erstellen
The two do not go the same way. The first uses an additional intermediate-ca and the second only root. But the main difference is the SAN. The first takes a URI with https:... and the second uses only the DNS.
I used the intermediate-ca as the signer of the cert and I downloaded the intermediate cert, so I could import it in my "authorities" inside Firefox. (I use Firefox ESR 68.8.) I cleared the cache, closed the browser, and after the settings on opnsense were applied nothing is accessible anymore. When I try to access the Dashboard, I only receive this message: PR_END_OF_FILE_ERROR
I can't even access the server via ssh. I only get timeouts...
No matter what way I try to access, OPNsense is not capable of providing the new cert. Even a reboot isn't working...

What's wrong? I only used these guides and just to test it. Where can I see if opnsense has some ssl issues if I log in via shell?

Title: Re: opnsense ssl error: PR_END_OF_FILE_ERROR - breaks the whole internet connection
Post by: guest24551 on May 23, 2020, 12:05:24 pm
After a little bit of trial and error I backed up and set my opnsense config to default. I made some basic host configs and added the internal ca with intermediate again. It worked, but now I don't know what service or config didn't like the new https cert.