OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Zenarmor (Sensei) »
  • TLS blocking page
« previous next »
  • Print
Pages: [1]

Author Topic: TLS blocking page  (Read 667 times)

almodovaris

  • Full Member
  • ***
  • Posts: 156
  • Karma: 8
    • View Profile
TLS blocking page
« on: October 28, 2022, 05:22:30 am »
I have enabled TLS blocking page (beta). How do I trust its certificate upon client PCs?

The certificate from /usr/local/opnsense/www/devServer/ says it's for localhost.

Also tried the certificates from /usr/local/sensei/cert/

I have found something about it at https://stackoverflow.com/questions/59738140/why-is-firefox-not-trusting-my-self-signed-certificate
« Last Edit: October 28, 2022, 07:35:57 am by almodovaris »
Logged

Phiolin

  • Newbie
  • *
  • Posts: 7
  • Karma: 1
    • View Profile
Re: TLS blocking page
« Reply #1 on: November 01, 2022, 09:03:58 pm »
You should be able to download the root certificate with practically every modern browser.

That said, it’d be cool if we could configure Zenarmor to use an existing OPNsense CA to generate the certificates instead of using its own internal CA.
Logged

almodovaris

  • Full Member
  • ***
  • Posts: 156
  • Karma: 8
    • View Profile
Re: TLS blocking page
« Reply #2 on: November 02, 2022, 06:47:48 am »
Error code: MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY
Logged

sy

  • Sr. Member
  • ****
  • Posts: 336
  • Karma: 28
    • View Profile
Re: TLS blocking page
« Reply #3 on: November 03, 2022, 08:59:14 am »
Hi,

It will be changed to use OPNsense's CA for the next release, most probably 1.13.
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Zenarmor (Sensei) »
  • TLS blocking page
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2