21.7 Legacy Series / [solved] SSL certificate for web gui used for other websites behind opnsense?
« on: October 16, 2021, 05:14:23 am »
Hi,
I have imported a valid SSL certificate for the web GUI and set it under System/Settings/Administration for the web GUI. Works fine, no problems.
A couple of days ago I noticed that I can't reach my websites (2) locally, but they are online and reachable from external networks. I got a certificate error; the certificate from opnsense is being used. Logically, the common name is invalid.
So I changed the certificate back to the self-signed one from installation and got the same error, only the message changes (certificate is now self-signed).
I also tried the option "listen interfaces". E.g. when I uncheck WAN, the website isn't reachable locally (timeout). Seems strange to me, since this option is only for the web GUI from opnsense.
Before the problem appeared I moved to a new apartment. In the old one I don't have this problem because in front of my opnsense was a reverse proxy from the company from which I got the Internet (the reverse proxy overwrites the certificate, I think). So the way for a request was: company router->company reverseproxy->opnsense (my router)->reverseproxy (mine, nginx)->webserver.
Now I'm directly connected to the internet (as normal) and the way for a request is: opnsense->reverseproxy(nginx)->webserver and backwards. The correct certificate is set by the reverse proxy and, as I wrote, works smoothly outside my network.
But the headers from the reverse proxy (e.g. HSTS) are passed through, only the certificate is modified.
Why am I sure that the wrong certificate comes from opnsense? I updated only this certificate and can see the changes when I try to connect locally to the websites.
opnsense version: 21.7.3_3-amd64
Can you please help me find the cause for this problem?

