OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 18.1 Legacy Series »
  • Let´s Encrypt Cert for the OPNSense Webgui itself ?
« previous next »
  • Print
Pages: [1]

Author Topic: Let´s Encrypt Cert for the OPNSense Webgui itself ?  (Read 2876 times)

BeNe

  • Full Member
  • ***
  • Posts: 106
  • Karma: 12
  • Use *BSD and feel free!
    • View Profile
Let´s Encrypt Cert for the OPNSense Webgui itself ?
« on: February 11, 2018, 08:02:20 pm »
Hello OPNsense Folks,

can i use the Let´s Encrypt Plugin to generate a valid SSL Cert for the OPNSense WebGUI itself ?

As far is know i can use HA-Proxy and the Let´s Encrypt Plugin to generate a Cert for Web-Services behind the Firewall, but not for the Firewall itself.

My Firwall has a external static dns entry.
Is there an option ?

Thanks!
Logged

elektroinside

  • Hero Member
  • *****
  • Posts: 574
  • Karma: 50
    • View Profile
Re: Let´s Encrypt Cert for the OPNSense Webgui itself ?
« Reply #1 on: February 11, 2018, 08:40:39 pm »
You can use any certificate (including Let's Encrypt) for anything that uses certificates of such, including the GUI.
Generate one according to your external hostname (make sure your hostname points to your OPNsense box) and load it in System: Settings: Administration: SSL Certificate.
Mind you that the plugin is still outdated and it won't work, needs a refresh which supposedly will be ready soon.

More info about the issue here: https://forum.opnsense.org/index.php?topic=7139
« Last Edit: February 11, 2018, 08:48:13 pm by elektroinside »
Logged
OPNsense v18 | HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s

Team Rebellion Member

BeNe

  • Full Member
  • ***
  • Posts: 106
  • Karma: 12
  • Use *BSD and feel free!
    • View Profile
Re: Let´s Encrypt Cert for the OPNSense Webgui itself ?
« Reply #2 on: February 11, 2018, 10:30:54 pm »
Hi elektroinside,

thank you for your answer
Will the Let´s encrypt plugin (if it is fixed) - also update/renew the Let´s encrypt Certificate for the WebGUI ?
« Last Edit: February 11, 2018, 10:42:33 pm by BeNe »
Logged

elektroinside

  • Hero Member
  • *****
  • Posts: 574
  • Karma: 50
    • View Profile
Re: Let´s Encrypt Cert for the OPNSense Webgui itself ?
« Reply #3 on: February 11, 2018, 10:56:20 pm »
The plugin "generates" a certificate that is signed by a trusted certificate authority called "Let's Encrypt".
This plugin only "generates" signed certificates by this CA. It is of your choice where are you going to install the cert and for what services (you can export them and use it for something else if you wish). If you choose to use it for the WebGUI (setting the option I mentioned before), then the web server behind the WebGUI will also use it, as it is using the same cert (by name), located in the same path of your OPNsense box.

More simply put: running the plugin will result in some files, saved somewhere on the HDD. Those files will be read by some services, including the web server ()if configured) and pushed towards the connected clients. The browser verifies it, validates it, and you get to have a connection trusted by the browser. Rerunning the plugin will result in files with the same name but different content (overwritten).

Anyway, the short answer is yes :)
« Last Edit: February 11, 2018, 11:13:13 pm by elektroinside »
Logged
OPNsense v18 | HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s

Team Rebellion Member

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 18.1 Legacy Series »
  • Let´s Encrypt Cert for the OPNSense Webgui itself ?
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2021 All rights reserved
  • SMF 2.0.17 | SMF © 2019, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2