Topic: Using a Cloudflare Origin Certificate with OPNsense (Read 3471 times)
spetrillo
on: May 31, 2022, 05:30:29 am
Evening all,
I would like to secure my OPNsense firewall with a Cloudflare certificate rather than relying on the self-signed one. Since I am using Cloudflare I would assume I do not need to install the Let's Encrypt plugin but go directly to System/Trust/Certificates and add my Cloudflare cert.
How can I activate the Cloudflare certificate, or since it is installed will it be used by default? I would think the self-signed certificate is still in effect. Right now my firewall's FQDN is OPNsense.[my internal domain name].com. Do I need to change this to OPNsense.[my external domain name].com in order for this to work?
Thanks,
Steve
Vilhonator
Reply #1 on: May 31, 2022, 07:56:25 am
Yes. The FQDN of your firewall needs to match the FQDN that the certificate is signed for.
You can use a wildcard (a certificate which has 1 main domain and multiple subdomains and/or IPs, a.k.a. aliases).
You will need the certificate data and private key data, which you can find by opening the privatekey.key and certificate.cert files with Notepad (which is why it's crucial to encrypt them and store them somewhere absolutely safe, otherwise anyone can use them).
After you have given a name for the certificate and saved it, you need to go to System ---> Settings ---> Administration, choose it under the "SSL certificate" option and save the selection.
spetrillo
Reply #2 on: May 31, 2022, 02:24:41 pm
My certificate has .domain name and *.domain.name. I do not need explicit host names, as the * should take care of that, correct?
Vilhonator
Reply #3 on: May 31, 2022, 06:27:08 pm
Not in this case.
Certificates are case sensitive.
You can't use a certificate registered to beautifullsky.com on server1.beautifullsky.com; for that you need a wildcard certificate.
SSL certificates make sure that the domain's DNS A and/or AAA record(s) match the IP address. As long as the IP address matches the DNS records, your browser will allow the connection to pass; if not, you will receive a warning telling you that the certificate is registered to a different domain or there's a mismatch with the DNS records.
In other words, a certificate is like an ID with which a server proves its authenticity.
Vilhonator
Reply #4 on: May 31, 2022, 06:46:37 pm
Well, technically I am wrong: you CAN use the same certificate for multiple hosts; your web browser just warns you about not being able to validate the certificate if the domain name or IP address doesn't match the DNS records.
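
The wildcard question raised in this thread (a certificate listing an apex name plus `*.domain.name`), as an added example that is not part of the original thread: the RFC 6125 comparison a TLS client applies between the hostname it connected to and the certificate's SAN dNSName entries. The hostnames and SAN list are constructed placeholders, and `san_matches`, `cert_covers` and `explain` are hypothetical helper names.

```python
# Added example: RFC 6125-style matching of a hostname against the
# dNSName entries in a certificate's subjectAltName extension.
# All names below are constructed placeholders, not values from the thread.

def _labels(name: str) -> list[str]:
    # DNS names compare case-insensitively; a trailing root dot is ignored.
    return name.rstrip(".").lower().split(".")

def san_matches(hostname: str, san: str) -> bool:
    host, pattern = _labels(hostname), _labels(san)
    if len(host) != len(pattern):
        # A wildcard stands for exactly one label, so label counts must agree.
        return False
    if pattern[0] == "*":
        # Only a whole left-most label may be a wildcard, and at least two
        # fixed labels must follow it, so "*.com" is never accepted.
        return len(pattern) >= 3 and host[0] != "" and host[1:] == pattern[1:]
    # Partial wildcards such as "f*.example.com" are rejected outright.
    return "*" not in san and host == pattern

def cert_covers(hostname: str, sans: list[str]) -> bool:
    return any(san_matches(hostname, san) for san in sans)

def explain(hostnames: list[str], sans: list[str]) -> dict[str, bool]:
    return {h: cert_covers(h, sans) for h in hostnames}

# Constructed SAN list shaped like the one described in the thread:
# the apex name plus a single-level wildcard.
SANS = ["example.com", "*.example.com"]
HOSTS = [
    "OPNsense.example.com",       # one label under the apex
    "example.com",                # the apex itself
    "fw.lan.example.com",         # two labels under the apex
    "opnsense.internal.example",  # a different (internal) domain
]

if __name__ == "__main__":
    for host, ok in explain(HOSTS, SANS).items():
        print(f"{host:30} {'covered' if ok else 'NOT covered'}")
```
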