Topic: Proxy server beginner question regarding certificate of authority (Read 1487 times)
patrick3000
Jr. Member
Posts: 87
Karma: 6
Proxy server beginner question regarding certificate of authority
«
on:
October 16, 2023, 05:25:40 am »
I have OPNsense set up as the firewall for my house. Both my spouse and I work from home, and we rely on the network extensively.
I would like to harden security, and I'm considering setting up a transparent proxy server in OPNsense so that I can subsequently install Zenarmor and ClamAV. However, I'm undecided about this because all the proxy server tutorials I've seen rely on self-signed certificates for SSL access, and there is no way I'd want to install trusted certificates on all client devices in my house, which include numerous Linux and Windows laptops and desktop PCs, as well as phones with iOS.
So, I'm wondering whether there is a way to buy a trusted certificate from an authority and install that in OPNsense for SSL access with the proxy server rather than using a self-signed certificate, which would avoid the need to do any configuration at the client level. I would think this would be possible, and trusted certificates aren't expensive, but for some reason, all the tutorials I've seen rely on self-signed certificates, so I'm wondering if there's something I'm missing.
Bottom line: Is it possible to install a transparent proxy server on OPNsense and install a trusted certificate of authority, rather than self-signed, so that I can avoid the need to do any configuration at the client level?
«
Last Edit: October 16, 2023, 05:50:01 am by patrick3000
»
newsense
Hero Member
Posts: 1037
Karma: 77
Re: Proxy server beginner question regarding certificate of authority
«
Reply #1 on:
October 16, 2023, 07:07:35 am »
Bottom Line:
NO
patrick3000
Jr. Member
Posts: 87
Karma: 6
Re: Proxy server beginner question regarding certificate of authority
«
Reply #2 on:
October 16, 2023, 07:20:19 am »
Thanks. I don't understand why, because trusted, signed certificates are available for purchase from various authorities, but I tend to believe that you're likely correct, because I have not yet seen a tutorial that discusses setting up a transparent proxy server with anything other than a self-signed certificate, and given the hassle of configuration at the client level that that entails, I'm guessing that if it were possible to use a trusted certificate from an authority, then the tutorials would discuss how to do so.
newsense
Hero Member
Posts: 1037
Karma: 77
Re: Proxy server beginner question regarding certificate of authority
«
Reply #3 on:
October 16, 2023, 07:38:46 am »
You can buy leaf certificates.
What you're asking is if it's not possible to buy an Intermediate CA able to issue _any_ certificates trusted worldwide -- for home use.
Patrick M. Hausen
Hero Member
Posts: 6810
Karma: 572
Re: Proxy server beginner question regarding certificate of authority
«
Reply #4 on:
October 16, 2023, 08:24:01 am »
The transparent proxy needs to generate and sign certificates for e.g. forum.opnsense.org, google.com, ... on the fly. So you need a CA certificate. These are not generally available for individuals.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
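The point of the reply above, as an added example that is not part of the original thread: a leaf certificate carries `basicConstraints CA:FALSE`, so a proxy can mechanically sign with its key but clients reject the resulting chain, while a certificate with `CA:TRUE` is accepted. It assumes the OpenSSL 1.1.1 or later command line; every name in it (`public-root`, `bought-leaf`, `sub-ca`, `site-via-*`) is constructed for a throwaway lab PKI.

```bash
#!/usr/bin/env bash
# Constructed lab PKI. "public-root" stands in for a CA that clients already trust.
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$d/req.cnf"

# issue NAME CA_FLAG [SIGNER]: create a key and certificate for NAME with
# basicConstraints CA:<CA_FLAG>, signed by SIGNER (self-signed if omitted).
issue() {
  name=$1; ca=$2; signer=${3:-}
  printf 'basicConstraints=critical,CA:%s\n' "$ca" > "$d/$name.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$d/req.cnf" \
    -subj "/CN=$name" -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null
  if [ -n "$signer" ]; then
    openssl x509 -req -in "$d/$name.csr" -days 1 -extfile "$d/$name.ext" \
      -CA "$d/$signer.crt" -CAkey "$d/$signer.key" -CAcreateserial \
      -out "$d/$name.crt" 2>/dev/null
  else
    openssl x509 -req -in "$d/$name.csr" -days 1 -extfile "$d/$name.ext" \
      -signkey "$d/$name.key" -out "$d/$name.crt" 2>/dev/null
  fi
}

# chain_ok SIGNER SITE: does a client that trusts only public-root accept SITE
# when the proxy presents SIGNER as the intermediate certificate?
chain_ok() {
  openssl verify -CAfile "$d/public-root.crt" -untrusted "$d/$1.crt" \
    "$d/$2.crt" 2>/dev/null | grep -q ': OK$'
}

issue public-root TRUE                 # trust anchor in the client's store
issue bought-leaf FALSE public-root    # what a CA sells: a server (leaf) cert
issue sub-ca      TRUE  public-root    # an intermediate CA certificate
# The proxy mints a certificate for an intercepted site with each signer.
issue site-via-leaf FALSE bought-leaf
issue site-via-ca   FALSE sub-ca

for pair in "bought-leaf site-via-leaf" "sub-ca site-via-ca"; do
  set -- $pair
  if chain_ok "$1" "$2"; then echo "$1 as signer: client accepts $2"
  else echo "$1 as signer: client rejects $2"; fi
done
```

The signing step succeeds in both cases; only path validation on the client tells them apart, which is why the proxy needs either a CA the clients have been told to trust or a real intermediate CA certificate.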
patrick3000
Jr. Member
Posts: 87
Karma: 6
Re: Proxy server beginner question regarding certificate of authority
«
Reply #5 on:
October 16, 2023, 06:33:15 pm »
Patrick M. Hausen that makes sense. Thanks for the explanation.
Patrick M. Hausen
Hero Member
Posts: 6810
Karma: 572
Re: Proxy server beginner question regarding certificate of authority
«
Reply #6 on:
October 16, 2023, 07:00:49 pm »
Maybe ask Honest Achmed how to establish your own CA
https://bugzilla.mozilla.org/show_bug.cgi?id=647959
patrick3000
Jr. Member
Posts: 87
Karma: 6
Re: Proxy server beginner question regarding certificate of authority
«
Reply #7 on:
October 16, 2023, 07:20:58 pm »
LOL.
On a more serious note, I am now considering setting up a transparent proxy on a single subnet, that's only used by me and has a couple of Linux laptops plus my TrueNAS servers, and seeing how much of a hassle it is to add the certificates at the client level, without doing it on the other subnets that are used for phones, television, my spouse's Windows laptops, etc.
If it works well, maybe I'll expand it to the other subnets later.
«
Last Edit: October 16, 2023, 07:24:23 pm by patrick3000
»