Replace Web Gui SSL Cert with Self Signed CA

Started by crissi, August 11, 2021, 06:45:41 PM

Hello,

I'm trying to replace the standard admin GUI SSL certificate. I found this article here (first part only, without the Nextcloud config):

https://forum.opnsense.org/index.php?topic=9053.msg40547#msg40547


Installed the cert in the browser, set all to trust, but I still get the error "Bad Cert".

Any idea what could be the problem? Do I need to choose some specific value under Alternative Names?

Thanks!
Cheers,
Crissi

The documentation has this as a setup guide. That post may not apply since it is from 2018.

Thanks, you mean this documentation here: https://docs.opnsense.org/manual/how-tos/self-signed-chain.html ? It seems basically the same setup, but I will try again to be sure. SAN = FQDN
Cheers,
Crissi

Also, if you happen to lock yourself out, log in to SSH / console and in the prompt select a previous configuration. Keep selecting an older one, one at a time, till you get your GUI back up.

Thanks, I followed the instructions exactly, as in the article, but I still do not get a secure connection to the web interface...

When creating the server certificate I tried with:

Common Name = FQDN
Alternative Names: Type: URI
                   Value: https://FQDN

Common Name = FQDN
Alternative Names: Type: DNS
                   Value: FQDN

Imported the intermediate CA into Firefox Cert Manager Authorities, and also imported the Int CA into the Mac Keychain, all trusted, but I'm still not able to get a secure connection to the GUI. Rebooted the FW several times as well.

Is there anything else to do to get just a secure connection to the GUI?
Thx
Cheers,
Crissi

Ohh, I tried the whole time with the IP address; I forgot that I have to use the FQDN in the browser to get the secure connection :)

Thanks for your help & the tip regarding the lockout
Cheers,
Crissi

Actually, that should not matter IF you configure your certificates to use them. 

When creating, for SAN (dropdown) change to IP and enter the address. 

Thx, so it would work with IP and FQDN, or just IP then?
Cheers,
Crissi

It can work with both. You need to enter the correct SAN information when creating the certificate, i.e. in the drop-down menu.
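
The matching rule this thread arrives at, as an added example that is not part of the original posts: a small checker that decides whether the host typed in the address bar is covered by a certificate's Subject Alternative Names, the way current browsers do it. The function names, the host `fw.example.lan` and the address `192.168.1.1` are constructed placeholders; the certificate dicts follow the layout returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import ipaddress

def _dns_match(host, pattern):
    """Case-insensitive DNS SAN match; '*.' covers exactly one left-most label."""
    host, pattern = host.rstrip(".").lower(), pattern.rstrip(".").lower()
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return host == pattern

def san_matches(host, cert):
    """True if `host` (as typed in the browser) is covered by the cert's SANs."""
    try:
        target_ip = ipaddress.ip_address(host)
    except ValueError:
        target_ip = None  # not an IP literal, treat as a DNS name
    for san_type, value in cert.get("subjectAltName", ()):
        if target_ip is not None:
            # An IP in the URL is only compared against "IP Address" entries.
            if san_type == "IP Address":
                try:
                    if ipaddress.ip_address(value) == target_ip:
                        return True
                except ValueError:
                    continue
        elif san_type == "DNS" and _dns_match(host, value):
            return True
        # URI and email entries, and the subject Common Name, are not used
        # for host matching by current browsers.
    return False

# Constructed sample certificates mirroring the attempts in this thread.
CN = ((("commonName", "fw.example.lan"),),)
URI_ONLY = {"subject": CN, "subjectAltName": (("URI", "https://fw.example.lan"),)}
DNS_ONLY = {"subject": CN, "subjectAltName": (("DNS", "fw.example.lan"),)}
DNS_AND_IP = {"subject": CN, "subjectAltName": (("DNS", "fw.example.lan"),
                                                ("IP Address", "192.168.1.1"))}

if __name__ == "__main__":
    for name, cert in [("URI only", URI_ONLY), ("DNS only", DNS_ONLY),
                       ("DNS + IP", DNS_AND_IP)]:
        for host in ("fw.example.lan", "192.168.1.1"):
            print(f"{name:9} {host:15} -> {san_matches(host, cert)}")
```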