OPNsense 17.7.12-amd64 Web GUI HTTPS Not Trusted by Chrome63 or Edge

Started by cnaslund, January 24, 2018, 01:49:51 AM

Logging into the OPNsense 17.1.12 URL using either an IP or a server name like opnsense.localdomain with Chrome 63 gives a warning that the OPNsense CA is not trusted. I added the CA certificate into Trusted Root Certificates and the browser (as well as Windows 10 Edge) refuses to trust the certificate.
I also created a self-signed certificate using the OpenSSL v3.ext in creation to use the new SubjectAltName with the server domain as alternate IP.1 IPV4 address and added it to the Trust section of OPNsense. I then added this self-signed certificate (along with my rootkeyCA.pem key) to my browsers. Both browsers still complain about OPNsense's CA certificate as being invalid.
Please advise on how I can fix this CA certificate.

Hi there,

If you are worried about trust, why not buy a certificate or roll out Let's Encrypt via the os-acme-client plugin?


Cheers,
Franco

The issue is that my browser of choice complains about the invalid CA certificate that is provided with the OPNsense installation. I just want the OPNsense website to be trusted by my browser(s). Please advise.

Sure, please buy a certificate or use Let's Encrypt (also usable via os-acme-client plugin).


Cheers,
Franco

This is expected behavior, also with commercial vendors like Sophos or Cisco ASA. You'll get a self-signed certificate created by the wizard.

If you want it to stop, do this with Let's Encrypt, or create a CA with OPNsense and import it to your system, or just buy one (GlobeSSL should be one of the cheapest).
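
An added example, not part of any post in this thread: one way to build the "create a CA and import it" option with the OpenSSL command line, and to check that the server certificate carries the subjectAltName entries that Chrome (since version 58) matches instead of the Common Name. The file names, the CA subject and the address 192.0.2.1 are constructed for illustration; opnsense.localdomain is the host name from the first post.

```shell
#!/bin/sh
# Added example. File names, the CA subject and 192.0.2.1 are constructed values.
set -eu

# make_chain DIR HOST IP: private CA plus a server certificate for HOST and IP.
make_chain() {
    dir=$1; host=$2; ip=$3
    mkdir -p "$dir"
    # CA extensions: the issuing certificate must be marked CA:TRUE.
    printf '%s\n' 'basicConstraints=critical,CA:TRUE' \
        'keyUsage=critical,keyCertSign,cRLSign' > "$dir/ca.ext"
    # Leaf extensions: Chrome matches names against subjectAltName only.
    printf '%s\n' 'basicConstraints=CA:FALSE' \
        'keyUsage=digitalSignature,keyEncipherment' \
        'extendedKeyUsage=serverAuth' \
        "subjectAltName=DNS:$host,IP:$ip" > "$dir/v3.ext"
    openssl req -new -newkey rsa:2048 -nodes -keyout "$dir/ca.key" \
        -subj '/CN=Example Lab Root CA' -out "$dir/ca.csr" 2>/dev/null
    openssl x509 -req -in "$dir/ca.csr" -signkey "$dir/ca.key" -sha256 \
        -days 365 -extfile "$dir/ca.ext" -out "$dir/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -keyout "$dir/server.key" \
        -subj "/CN=$host" -out "$dir/server.csr" 2>/dev/null
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" \
        -CAkey "$dir/ca.key" -CAcreateserial -sha256 -days 365 \
        -extfile "$dir/v3.ext" -out "$dir/server.pem" 2>/dev/null
}

# list_san CERT: print the SAN entries actually present in the certificate.
list_san() {
    openssl x509 -in "$1" -noout -text |
        sed -n '/Subject Alternative Name/{n;s/^ *//p;}'
}

# san_matches DIR HOST IP: succeed only if the chain verifies against the CA
# and the certificate is valid for both the DNS name and the IP address.
san_matches() {
    openssl verify -CAfile "$1/ca.pem" -verify_hostname "$2" \
        "$1/server.pem" >/dev/null 2>&1 &&
    openssl verify -CAfile "$1/ca.pem" -verify_ip "$3" \
        "$1/server.pem" >/dev/null 2>&1
}

demo=$(mktemp -d)
make_chain "$demo" opnsense.localdomain 192.0.2.1
list_san "$demo/server.pem"
san_matches "$demo" opnsense.localdomain 192.0.2.1 && echo "chain and names OK"
# Import only ca.pem into the client trust store; ca.key and server.key
# never leave the machines that need them.
```

Note that `openssl verify -verify_hostname` falls back to the Common Name when a certificate has no DNS entry in subjectAltName, which Chrome does not, so `list_san` is the check that reflects what the browser will accept.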

I followed your advice and tried Let's Encrypt.
Using the plug-in crashes OPNsense 17.7.12-amd64. I installed the plug-in and am trying to figure out how to use it. The short tutorial is not very clear to me and does not match the configuration settings in the current version. It would be appreciated if you would assist me. I'm new to this.

Attached are the log files and the error contents when the OPNSense Server warns of a serious error.

Please advise.