Bug #6902
closed
webConfigurator not using new certificate and won't disable SSL
Description
- I had the web UI using the default self-signed certificate and I used an alternate port number just in case.
- I generated a certificate authority, imported that into the trusted authorities on my computer and generated a signed certificate for pfSense.
- In advanced configuration I selected the alternate SSL certificate and applied that.
- Nothing changed; the logins were still presented as a risk by Chrome. Restarted browsers and tried alternate browsers (IE and Edge).
- Imported the CA onto another device (Android), restarted that device, the same errors.
- On all devices and browsers it is still offering a self-signed cert generated in 2014.
- Restarted webConfigurator from the console and no help.
- Disabled SSL and set no port number in the UI and it still sits on the alternate port number with SSL enabled.
- Cannot return to HTTP-only, redirected to SSL on alternate port.
This is really strange because it seems that the SSL option in the advanced menu is no longer doing anything.
Restarting the pfSense box has now locked me out of the UI, neither HTTPS nor HTTP works now. Slightly concerned that I will have to rebuild the firewall now!
Updated by Bob Hannent over 8 years ago
Bob Hannent wrote:
> Restarting the pfSense box has now locked me out of the UI, neither HTTPS nor HTTP works now. Slightly concerned that I will have to rebuild the firewall now!
Looks like Chrome was keeping the redirect in cache, using IE enabled me to use HTTP again and enable HTTPS.
Once pfSense was rebooted and the setting changed from HTTP to HTTPS the firewall is now presenting the correct certificates.
The bug is that the certificate was changed and multiple browsers saw the old certificate until pfSense was rebooted.
Updated by Jim Pingle over 8 years ago
- Status changed from New to Not a Bug
The certificate won't take full effect until the web server is restarted, and restarting the web server from a process run by the web server has been tricky in the past. Last time I tested this out, browsers were really unhappy when the cert changed in this way on POST, refusing to render the page and offering to resubmit the form data.
A reboot will work, but it's not necessary. Log in to the console or SSH and enter option 11 to restart the GUI.
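Added example, not part of the original ticket or of pfSense: a small Python check that fetches the certificate the GUI is actually serving and compares its SHA-256 fingerprint with the certificate that was selected, so a stale certificate is detected without relying on browser behaviour or caches. The function names, the script name and the single-certificate PEM file are assumptions of this example.

```python
import hashlib
import socket
import ssl


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def fetch_served_der(host: str, port: int, timeout: float = 5.0) -> bytes:
    """Return the leaf certificate the server presents, without trusting it.

    Chain validation is off on purpose: the result is only compared against
    a certificate we already hold, never used to protect traffic.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_served(served_der: bytes, expected_pem: str) -> dict:
    """Compare what the GUI serves with the certificate selected in its settings."""
    # Assumption: expected_pem holds exactly one PEM certificate block.
    expected_der = ssl.PEM_cert_to_DER_cert(expected_pem)
    served_fp, expected_fp = fingerprint(served_der), fingerprint(expected_der)
    return {
        "served": served_fp,
        "expected": expected_fp,
        "stale": served_fp != expected_fp,  # True: old certificate still in use
    }


if __name__ == "__main__":
    import sys

    # Hypothetical usage: python check_gui_cert.py HOST PORT /path/to/new-cert.pem
    host, port, pem_path = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    with open(pem_path) as fh:
        result = check_served(fetch_served_der(host, port), fh.read())
    print(result)
    sys.exit(1 if result["stale"] else 0)
```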