Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Replace Web Gui SSL Cert with Self Signed CA
« previous
next »
Print
Pages: [
1
]
Author
Topic: Replace Web Gui SSL Cert with Self Signed CA (Read 4987 times)
crissi
Full Member
Posts: 172
Karma: 4
Replace Web Gui SSL Cert with Self Signed CA
«
on:
August 11, 2021, 06:45:41 pm »
Hello,
im trying to replace the Standard Admin Gui SSL Certificate. I found this Article here (first part only without Nextcloud Config):
https://forum.opnsense.org/index.php?topic=9053.msg40547#msg40547
Installed the Cert in Browser, set all to Trust but i still get error "Bad Cert"
Any Idea, what could be the problem, do i need to choose some specific value under Alternative Names ?
Thanks!
Logged
Cheers,
Crissi
errored out
Full Member
Posts: 171
Karma: 3
Re: Replace Web Gui SSL Cert with Self Signed CA
«
Reply #1 on:
August 12, 2021, 01:25:03 am »
The documentation has this as a setup guide. That post is may not apply since it from 2018.
Logged
crissi
Full Member
Posts: 172
Karma: 4
Re: Replace Web Gui SSL Cert with Self Signed CA
«
Reply #2 on:
August 12, 2021, 08:14:35 am »
Thanks, you mean this docu here
https://docs.opnsense.org/manual/how-tos/self-signed-chain.html
,seems basically the same setup, but will try again to be sure SAN = FQDN
Logged
Cheers,
Crissi
errored out
Full Member
Posts: 171
Karma: 3
Re: Replace Web Gui SSL Cert with Self Signed CA
«
Reply #3 on:
August 12, 2021, 09:00:25 pm »
Also, if you happen to lock yourself out, login to ssh / console and in the prompt select a previous configuration. Keep selecting a older one, one at a time till you get your gui back up.
Logged
crissi
Full Member
Posts: 172
Karma: 4
Re: Replace Web Gui SSL Cert with Self Signed CA
«
Reply #4 on:
August 13, 2021, 02:15:39 am »
Thanks, followed yet exactly the instructions, like in the article, but i still not get a secure connection to the web interface...
By creating the server certificate i tried with:
Common Name = FQDN
Alternative Names: Type: URI
Value:
https://FQDN
Common Name = FQDN
Alternative Names: Type DNS
Value: FQDN
Imported Intermediate CA to Firefox Cert Manager Authorities, imported the Int CA also to MAC Keychain all trusted, but im still not able to get the connection secure to the gui.. rebooted FW several times as well
Is there anything else to do, to get just a secure connection to the gui?
Thx
Logged
Cheers,
Crissi
crissi
Full Member
Posts: 172
Karma: 4
Re: Replace Web Gui SSL Cert with Self Signed CA
«
Reply #5 on:
August 13, 2021, 02:25:00 am »
Ohh, tried the whole time with the IP address, i forgot that i have to use the FQDN in the Browser to get the secure connection
Thanks for your Help & the Tip regarding the lockout
Logged
Cheers,
Crissi
errored out
Full Member
Posts: 171
Karma: 3
Re: Replace Web Gui SSL Cert with Self Signed CA
«
Reply #6 on:
August 13, 2021, 09:22:19 pm »
Actually, that should not matter IF you configure your certificates to use them.
When creating, for SAN (dropdown) change to IP and enter the address.
Logged
crissi
Full Member
Posts: 172
Karma: 4
Re: Replace Web Gui SSL Cert with Self Signed CA
«
Reply #7 on:
August 21, 2021, 06:01:34 pm »
Thx, so it would work with IP and FQDN or just IP then?
Logged
Cheers,
Crissi
errored out
Full Member
Posts: 171
Karma: 3
Re: Replace Web Gui SSL Cert with Self Signed CA
«
Reply #8 on:
September 01, 2021, 01:25:52 am »
It can work with both. You need to enter the correct SAN information when creating the certificate. I.E. in the drop down menu.
Logged
crissi
Full Member
Posts: 172
Karma: 4
Re: Replace Web Gui SSL Cert with Self Signed CA
«
Reply #9 on:
September 04, 2021, 02:27:59 pm »
thx, done and working now
Logged
Cheers,
Crissi
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Replace Web Gui SSL Cert with Self Signed CA