[SOLVED] I botched my Certificate (self made outside of opnsense)

Started by NorbertK, November 28, 2024, 12:50:19 PM

Hello all,
I created a root CA and a PEM outside of OPNsense and managed to botch my OPNsense Web UI.

Edge complains with the helpful ERR_SSL_PROTOCOL_ERROR

Librewolf (FF fork) says SSL_ERROR_INTERNAL_ERROR_ALERT

curl -k from another Linux box works


How can I roll back to the defaults?

I tried
configctl webgui restart renew


But nothing changed.

Many thanks for any pointer!

Norbert
Kind regards and thanks!

Norbert

Login with ssh or on the console and select option 13 (Restore a backup)?

Quote from: dseven on November 28, 2024, 01:00:35 PM
Login with ssh or on the console and select option 13 (Restore a backup)?

Unfortunately the change was a long time ago and this is quite risky because it would overwrite any changes.

In theory I just have to simulate

System: Settings: Administration: SSL Certificate

But how?
Kind regards and thanks!

Norbert

I suppose you could try editing /conf/config.xml, but at your own risk!

The cert is referenced at opnsense -> system -> webgui -> ssl-certref, and you should find the actual cert (and its private key) in the config too (search for that reference). If you still have the original "Web GUI TLS certificate", you probably could plug in its reference, then "Reload all services" from the login menu, or reboot. Alternatively maybe you could temporarily set opnsense -> system -> webgui -> protocol to "http", then repair via the web UI on port 80...
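
Added example, not part of the thread and not OPNsense project code: a read-only check that shows which certificate entry the webgui `ssl-certref` points at before anyone edits the file by hand. The `<cert>` layout (`refid`, `descr`, `crt`, `prv`), the reference IDs and the second description are assumptions in a constructed sample; only the `system/webgui` paths and the "Web GUI TLS certificate" name come from the post above.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The <cert> child element names are an assumption,
# and the refids and PLACEHOLDER bodies are made-up stand-ins.
SAMPLE = """<opnsense>
  <system>
    <webgui>
      <protocol>https</protocol>
      <ssl-certref>EXAMPLE-REF-IMPORTED</ssl-certref>
    </webgui>
  </system>
  <cert>
    <refid>EXAMPLE-REF-DEFAULT</refid>
    <descr>Web GUI TLS certificate</descr>
    <crt>PLACEHOLDER</crt>
    <prv>PLACEHOLDER</prv>
  </cert>
  <cert>
    <refid>EXAMPLE-REF-IMPORTED</refid>
    <descr>imported pem</descr>
    <crt>PLACEHOLDER</crt>
    <prv></prv>
  </cert>
</opnsense>"""

def inspect_webgui_cert(xml_text):
    """Report the webgui protocol, the active cert reference and all cert entries."""
    root = ET.fromstring(xml_text)
    active = root.findtext("system/webgui/ssl-certref", default="")
    certs = []
    for cert in root.findall("cert"):
        refid = cert.findtext("refid", default="")
        certs.append({
            "refid": refid,
            "descr": cert.findtext("descr", default=""),
            # Presence only: key material is never returned or printed.
            "has_key": bool((cert.findtext("prv") or "").strip()),
            "active": refid == active,
        })
    return {
        "protocol": root.findtext("system/webgui/protocol", default=""),
        "active_ref": active,
        "certs": certs,
        # True when ssl-certref matches no <cert> entry at all.
        "dangling": not any(c["active"] for c in certs),
    }

if __name__ == "__main__":
    print(inspect_webgui_cert(SAMPLE))
```

To run it against a real box, pass the contents of a copy of /conf/config.xml instead of `SAMPLE`; the function only reads and never writes the file.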