Messages - ejball02

#1
Quote from: ejball02 on June 13, 2021, 02:28:42 PM
Next question. Does OPNsense have a plugin which will push an internal certificate to connected devices when the network doesn't have group policies or active directory?

Let me rephrase the above question... Has anyone used Captive Portal to push a self-signed cert to a guest machine, when there is no GPO/AD?
#2
Google search didn't pull up anything on the Symantec / Blue Coat case. But I'll keep looking.

Next question. Does OPNsense have a plugin which will push an internal certificate to connected devices when the network doesn't have group policies or active directory?

There are some humanitarian non-profit organizations, who don't have budgets for IT hardware/software and staff to support. So it seems there would be a big demand for a product that can both allow/block ports as well as allow/block content easily. Doesn't necessarily have to be turn-key but something a volunteer, like myself, can add to a network.
#3
Is it possible to use Let's Encrypt cert for SSL filtering (transparent proxy)? I'm using the internal one right now, but everyone on the guest network gets the famous ERR_CERT_AUTHORITY_INVALID message. It's a guest network, that means, tablets, phones, laptops all kinds of different devices and different people. So, not possible to tell everyone they have to save the internal certificate into their browser. None of the guests even knows what that means!

If it's not possible then how can SSL be filtered? I created an AWS cert, and downloaded that to OPNsense, but that didn't do anything. I've also added Sensei plugin, free version, which gives some level of control, but still looking for a solution. Any ideas?
#4
I'm using a self-signed cert for HTTPS inspection for content filtering. I've got OPT2 configured as a guest network on my Protectli, and content filtering using shallalist works great. Only downside is that when I try to access an HTTPS site, Firefox/Chrome always give a warning page: "Your connection is not private" "ERR_CERT_AUTHORITY_INVALID". After much Googling, I came across an old post that said Let's Encrypt can give public certs which would get rid of the message.

I added the LE plugin but couldn't figure out how to create a cert for use on the Forward Proxy "CA to use" field, required for SSL inspection. Looking through this walkthrough, I'm wondering if there is something here that can help achieve creating a cert for content filtering. Anyone have any experience with this?