Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
Having trouble getting signing certificate to work
« previous
next »
Print
Pages: [
1
]
Author
Topic: Having trouble getting signing certificate to work (Read 2068 times)
RobLatour
Full Member
Posts: 132
Karma: 7
Having trouble getting signing certificate to work
«
on:
November 05, 2021, 05:24:47 am »
Following the instructions of this video:
https://www.youtube.com/watch?v=IR41duTqN6Y
with updates to reflect changes in opnsense since the video was produced, I was able to create a signing certificate using my duckdns.org account.
However, while the OPNSense - Services - Certificate entry is enabled and is showing as issued, and while the OPNSense - System - Administration - Settings - System - SSL Certificate for my duckdns.org account appears in the dropdown list, and is selected.
when I browse to my opnsense url at
https://192.168.1.1/
I still get told it is an unsecured location.
Here is what my opnsense System:Trust:Certificates window says about the certificate (with my certificate name manually redacted to xxx below):
xxx.duckdns.org (ACME Client)
CA: No, Server: Yes R3 (ACME Client) CN=xxx.duckdns.org
Valid From: Thu, 04 Nov 2021 22:59:06 -0400
Valid Until: Wed, 02 Feb 2022 21:59:05 -0500
Any help would be appreciated.
«
Last Edit: November 05, 2021, 05:32:01 am by RobLatour
»
Logged
Fright
Hero Member
Posts: 1777
Karma: 164
Re: Having trouble getting signing certificate to work
«
Reply #1 on:
November 05, 2021, 05:54:09 am »
hi. you access the GUI using the ip address and the certificate is issued for a domain name (CN does not match)
Logged
RobLatour
Full Member
Posts: 132
Karma: 7
Re: Having trouble getting signing certificate to work
«
Reply #2 on:
November 05, 2021, 12:59:16 pm »
Frigth: thank you.
For those that may run into the same issue.
When I try to access the router by IP address, I get an unsecured connection.
When I browse to my duckdns.org address I get "A potential DNS Rebind attack has been detected. Try to access the router by IP address instead of by hostname."
So what is needed in the url line is:
https://opnsense
where the word "opnsense" is the hostname as defined in OPNSense - Systems - Settings - General - Hostname.
This gives me a secure connection.
Logged
Fright
Hero Member
Posts: 1777
Karma: 164
Re: Having trouble getting signing certificate to work
«
Reply #3 on:
November 05, 2021, 04:33:41 pm »
in addition: to overcome dns rebind check Alternate Hostnames in System: Settings: Administration can be used
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
Having trouble getting signing certificate to work