Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
certificate for Firefox Certificate Internal
« previous
next »
Print
Pages: [
1
]
Author
Topic: certificate for Firefox Certificate Internal (Read 6847 times)
mayo
Jr. Member
Posts: 72
Karma: 4
certificate for Firefox Certificate Internal
«
on:
September 18, 2017, 01:43:52 pm »
I everybody, I'm new user installed Opnsense at home on a apu 2c4d board. Everything works fine (simple installation now, just DHCP and some rules). I would like to create a certificate for the management webpage reached on internal LAN. Every time I try to login firefox says me that it can't validate the certificate, neither I can import it. Any step by step guide to trust my internal browser(s)? Thank you so much!
«
Last Edit: September 18, 2017, 01:46:05 pm by mayo
»
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: certificate for Firefox Certificate Internal
«
Reply #1 on:
September 18, 2017, 02:02:18 pm »
Hi there,
For the web GUI itself or the web proxy?
Cheers,
Franco
Logged
mayo
Jr. Member
Posts: 72
Karma: 4
Re: certificate for Firefox Certificate Internal
«
Reply #2 on:
September 18, 2017, 02:17:29 pm »
Hi Franco, just for the web GUI, for the moment I have the web proxy disabled.
Thank you!
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: certificate for Firefox Certificate Internal
«
Reply #3 on:
September 19, 2017, 06:49:39 am »
Hi mayo,
The normal web GUI certificate is self-signed, which means you can only import the certificate itself into your local store to make the warning go away (or set e.g. Firefox to "permanently" accept).
You could also create a new CA from System: Trust: Authorities, create a new certificate from it under System: Trust: Certificates, and use that certificate as the web GUI one via System: Settings: Administration. With a CA, you can install the CA in your local store for the client(s) so that all certificates by this CA are trusted now and in the future.
You can also get a real certificate from a vendor or Let's Encrypt (we have a plugin under System: Firewall: Plugins named "os-acme-client"). Manual certificates are imported under System: Trust: Certificates, or you could do a Certificate Signing Request from there. Let's Encrypt plugin automatically creates, imports and renews certificates, but it's a bit over the top for a small install where you only want local access for that one box.
Hope this helps.
Cheers,
Franco
Logged
mayo
Jr. Member
Posts: 72
Karma: 4
Re: certificate for Firefox Certificate Internal
«
Reply #4 on:
September 19, 2017, 12:13:22 pm »
Hi Franco, thank you for the reply!
Firefox dosn't let me dowload locally the defaul certificate.
I will try as soon I'll get home making a new internal CA as you suggested in point 2.
Logged
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: certificate for Firefox Certificate Internal
«
Reply #5 on:
September 19, 2017, 12:15:45 pm »
The CA has the advantage that you can use it in the proxy too
Logged
mayo
Jr. Member
Posts: 72
Karma: 4
Re: certificate for Firefox Certificate Internal
«
Reply #6 on:
September 28, 2017, 04:19:30 pm »
Hi , I followed your advices to add a CA and create a certificate. Everything works fine in opnsense, added certificate to osx keychain but firefox dosn't recognized it
Logged
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: certificate for Firefox Certificate Internal
«
Reply #7 on:
September 28, 2017, 04:33:18 pm »
@mayo:
firefox has its own certificate store and does not use the system store. You have to import the certificate into both.
Logged
mayo
Jr. Member
Posts: 72
Karma: 4
Re: certificate for Firefox Certificate Internal
«
Reply #8 on:
September 29, 2017, 08:44:19 am »
@fabian perfect, I'll do in the afternoon! thanks!
Logged
andreab
Newbie
Posts: 21
Karma: 4
Re: certificate for Firefox Certificate Internal
«
Reply #9 on:
November 30, 2017, 02:59:04 am »
Hi!
I had to fiddle a bit to get this to work but I think I nailed it. :-)
Franco - thank you for your explanation, it's been the best I could find so far.
I want to extend a bit on what I did exactly in case that might help someone else in my situation.
1) I created my internal self-signed CA (under System: Trust: Authorities).
2) Then under "System: Trust: Certificates" I "Create an internal Certificate" selecting "Server Certificate" as Type, and selecting the CA created at step 1)
3) I've exported the CA certificate created at step 1) into my Linux system but that was not enough, as Firefox seems to use a separate store for the CA, so I had to import it into Firefox too separately.
4) Switched the SSL certificate used for HTTPS under "System: Settings: Administration" to the newly created at step 2), and save.
Hope it helps.
Regards,
Andrea
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
certificate for Firefox Certificate Internal