Tutorial: How to Change a Self-Signed Certificate with a CA-Signed Certificate o

Started by beki, March 19, 2024, 08:54:34 AM

Dear Beloved Zenarmor Users,

OPNsense allows you to create Let's Encrypt certificates using the ACME client, a plugin included in the repository. Let's Encrypt certificates are advantageous due to their cost-free nature and the ease with which they can be created for your domains.

The primary aim of Let's Encrypt and the ACME protocol is to facilitate the establishment of an HTTPS server that acquires a browser-trusted certificate autonomously, without requiring any human intervention. This is achieved through the implementation of a certificate management agent on the web server.

In this tutorial, we will explain how you can change a self-signed certificate with a Let's Encrypt certificate on your OPNsense firewall.

https://www.zenarmor.com/docs/network-security-tutorials/how-to-change-self-signed-certificates-with-ca-signed-certificate-on-opnsense

Best Regards,

Zenarmor Team

Thank you for the detailed tutorial. But is there any way to use the ACME-issued cert in Zenarmor for TLS decryption or for the TLS block page?


Yes, you can use your own certificate.

When you import it from Settings - Certificate Authority, your certificate is used from then on.

The self-signed certificate created by Zenarmor is replaced.

Not sure that really answers my question. Currently I use ACME (the way your tutorial instructs) to have a Let's Encrypt cert on my OPNsense instance. What I'm asking is: how can I use that same cert and/or process to automatically generate and use a Let's Encrypt cert using ACME on Zenarmor?

Hi,

You can import the created certificate but cannot create one yet. The only option for creating is a self-signed certificate.



Quote from: sy on April 17, 2024, 06:22:43 PM
Hi,

You can import the created certificate but cannot create one yet. The only option for creating is a self-signed certificate.

Import the cert ACME created from Let's Encrypt? Is this automated, or does this need to be manually done every 90 days? I'm still unclear on this for some reason.