Configuring CA or Certificate Authority with your pFSense Firewall 

VMNerd
41K views

The purpose of this video is to configure a certificate authority or CA using the pFSense firewall. This video will also go into a couple different certificate distribution methods and conclude with a working CA.
Want me to create a tech tip for you? Write in the comments below and I will take it from there.
Don't forget to visit our website at www.vmnerd.com. Let me know what you think.

Published: 19 Sep 2024

Comments: 62
@fcarlson1964 6 years ago
The most tedious, broken, and generally unfriendly process in all of IT. You explained it well. Thanks.
@janne_kekalainen 6 years ago
Thank you so much for making this video. Without it, I would have never figured out how to actually do it.
@VMNerd 6 years ago
You are very welcome ...
@und3rgr0undfr34k 6 years ago
The best certificate video out on the internet
@VMNerd 6 years ago
Thank you for your kind words ...
@ericwolf5874 7 years ago
Nice demo, doing a CA had been kicking my butt for a while. As soon as you made your own Root CA a lightbulb went on. It was also good advice to not deploy the root but the Sub cert. Thanks for the help. You gained a subscriber. :-)
@VMNerd 7 years ago
Thanks for your feedback ...
@c0deoustech 7 years ago
Excellent explanation and thorough demonstration. A+
@VMNerd 7 years ago
Thank you for your feedback ...
@MrMichaelBPedersen 7 years ago
Thank you so much. This video is very informative; certificates have been a black box to me, now it all makes sense :) SSL all the things :D
@ribeirinhoful 6 years ago
Very good explanation, thank you and keep up the good work.
@VMNerd 6 years ago
Thank you for your feedback.
@QuantumByteHub 7 years ago
Well explained, thank you for your effort, Sir. Love your videos
@VMNerd 7 years ago
You're very welcome, enjoy!!
@konducta3095 6 years ago
Thank you so much! You are an excellent teacher!!
@VMNerd 6 years ago
Thank you for your feedback, it is always appreciated.
@StefanRows 6 years ago
Thanks, that was great!
@VMNerd 6 years ago
Anytime. I have plenty of other videos that provide value. Enjoy!!
@MakoaSantarini 5 years ago
That was awesome. What happens when you change the IP associated with the certificate? Do you need to redistribute updated certificates?
@VMNerd 5 years ago
The IP is not associated with the certificate. If you change the IP, as long as it resolves to your IP, new or something else, it should switch with no change to the client.
@moondawson2165 5 years ago
Isn't there a way I can create a certificate trusted by all browsers, instead of manually installing them on each client connected to my network? What I really seek to do is to configure squid and squidguard for web filtering, but I find installing the certificate on all clients a bit impractical actually. Is there a way around this please?
@mirino75 5 years ago
Excellent explanation!!! Thx
@VMNerd 5 years ago
Thank you for the feedback and I am glad you like the video.
@Orangepunkt 6 years ago
Thank you for this tutorial. Actually I'm facing some ssl_error_rx_record_too_long while using HTTPS SQUID INTERCEPTION in my lab; I even tried to generate a root CA but I didn't use an intermediate one. Does this cause such problems? Or is it a problem in squidguard as I guessed? I need some explanation about how to fix it please; if you can help, I shall start on a real project. Thank you in advance.
@VMNerd 6 years ago
Intermediate one should not matter if your client machine trusts the root CA. You need to install the Root CA on the client workstation that is using the proxy.
@svilenski 7 years ago
Thanks!
@VMNerd 7 years ago
You are welcome
@omar72osm 7 years ago
Hi. How can I add a PFSense generated certificate to a glassfish server, which stands behind the firewall, pls?
@VMNerd 7 years ago
I have never added to a glassfish server but it should be pretty straightforward. You will need to generate a server based certificate. Export the cert, private key and the CA cert. You will need to import them into the glassfish server. Some certificates may require some conversion. Check the site www.sslshopper.com/ssl-converter.html and go down about halfway and you will see many conversion examples using openssl. I hope this helps point you in the right direction.
@Gabbartrading 7 years ago
Hello, Sir. I installed the CA or Certificate Authority and it is done. But my problem is an SSL error on my client side. I imported the certificate into Mozilla Firefox and it works, but that is not a better solution. Is there any solution for automatic SSL Certificate Authority on my client side? Please help me. My LAN clients access HTTPS squid proxy data....
@VMNerd 7 years ago
With Firefox you may have to import the CA certificate you created in the browser itself. If you are having issues with Squid, I have a video that walks through setting up a pFSense transparent firewall; there is a small section that goes through the SSL piece that works well, "not perfect but well". Hope this helps ...
@mottaws 6 years ago
Thanks!
@VMNerd 6 years ago
You're welcome ...
@omar72osm 7 years ago
How to: HTTPS to HTTP redirection from external web URLs to internal web URLs using pfsense?? I generated the certificate as in the video, and was able to access pfsense as you did. I have an internal web server in LAN which can be accessed as myWebServer, and hope to access it from WAN as myWebServer
@VMNerd 7 years ago
Sorry, I did not see this comment. You should be able to do that using HAProxy. I know that is a video that I want to work on. Also, depending on your site, you can control this from your web server. IIS and Apache and NGINX for sure can do that.
@omar72osm 7 years ago
Thanks for your interest, and I'm waiting for your video.
@jlaica 7 years ago
So we have several IIS servers; how can you add a PFSense generated certificate to IIS?
@VMNerd 7 years ago
You can use openssl to convert the cert with the following example:
openssl pkcs12 -export -out iispfxfile.pfx -inkey pfsenseiiscert.key -in pfsenseiiscert.crt -certfile pfsenseca.crt
Windows does have some openssl binaries that can be installed; you will only need to install the minimal version.
@agentxx3022 6 years ago
Okay, wtf?! I manually added my root CA to the Trusted Root Certification Authorities and it is trusted. My intermediate CA is SOMEWHERE, I just installed it via the "install certificate" in the .crt file; it is not listed in the Intermediate Certificate Authorities, but it is trusted. But my pfSense certificate is not trusted, even though my root and my intermediate CAs are trusted O.o Welp... pls help. I'm using Firefox v. 57.0.4
@agentxx3022 6 years ago
Okay, the solution was to go to about:config and set "security.enterprise_roots.enabled" to true, so that Firefox trusts the Windows certificate store. But one thing is still odd... I can't use my common name, why is that? Your firewall.demo.vmnerd.com worked at this point.
@ThanhNguyen-ub6ts 8 years ago
Hi, can you explain why: 192.168.30.220 and 192.168.31.254. I'm not good at listening to English. Thanks
@VMNerd 8 years ago
The 192.168.30.220 is the WAN or Internet interface and the 192.168.31.254 is the LAN or your internal network interface.
@MrStonerhr 6 years ago
What if my WAN interface can't have a static IP? Tbh I'm trying to set up SSL man in the middle so I need certificates ... I hope I can partly use your guide, which is great btw. Subbing and liking
@MuhammadZahid-rt1tb 7 years ago
Dear Sir, I am facing a Cert Name Invalid issue. Kindly teach me about this issue as soon as possible
@VMNerd 7 years ago
Two things: 1. Make sure you have the CA cert installed into the computer account store for certificate authorities. 2. Add both the IP address "as FQDN" and the FQDN/Hostname to the cert when generating your server cert. If you do those two things you should not get an SSL error. Anyways, I hope that helps ...
@regaljh 7 years ago
Do I have to do anything with DNS to be able to access the web config by entering the common name instead of the IP address? I only added 1 alternative name, though I see you have 2. Everything works aside from this so what am I missing?
@VMNerd 7 years ago
This will depend on how you are connecting to your website. If you plan to use hostname then only the hostname needs to be added. If you plan to access the site via IP then you should add an additional FQDN and use your IP address.
@VMNerd 7 years ago
Also make sure you have the CA cert in your machine data store under the Certificate Authorities on both the server and the client.
@regaljh 7 years ago
I've got the root and intermediate installed. What do I do with the common name one I created? Does it get installed too?
@VMNerd 7 years ago
The cert with the common name should be installed on the device you plan to use it on, like a web server etc ... There are two cert types, user and server; make sure if you are going to advertise it then you should use the server one.
@regaljh 7 years ago
I got it working. Thanks for your help.
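An added example (not from the video or from VMNerd) of checking the two conditions named in the replies above with openssl: the client trusts the issuing chain, and the name or IP typed in the browser is listed as a subject alternative name. It builds a throwaway root, intermediate and server certificate; the host name firewall.lab.example, the 192.0.2.x addresses and all file names are constructed lab values.

```shell
#!/bin/sh
# Added example: every name, IP and file name below is a constructed lab value.
set -eu

build_lab_pki() {  # $1 = work dir, $2 = DNS name, $3 = IP address
  pki=$1; mkdir -p "$pki"
  cat > "$pki/ext.cnf" <<EOF
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2,IP:$3
EOF
  for n in root int server; do  # one key and CSR per certificate
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=lab-$n" \
      -keyout "$pki/$n.key" -out "$pki/$n.csr" 2>/dev/null
  done
  # Self-signed root -> intermediate CA -> server certificate carrying both SANs.
  openssl x509 -req -in "$pki/root.csr" -signkey "$pki/root.key" -days 30 \
    -extfile "$pki/ext.cnf" -extensions ca -out "$pki/root.crt" 2>/dev/null
  openssl x509 -req -in "$pki/int.csr" -CA "$pki/root.crt" -CAkey "$pki/root.key" \
    -CAcreateserial -days 30 -extfile "$pki/ext.cnf" -extensions ca \
    -out "$pki/int.crt" 2>/dev/null
  openssl x509 -req -in "$pki/server.csr" -CA "$pki/int.crt" -CAkey "$pki/int.key" \
    -CAcreateserial -days 30 -extfile "$pki/ext.cnf" -extensions server \
    -out "$pki/server.crt" 2>/dev/null
}

name_matches() {  # $1 = certificate, $2 = host name or IPv4 address the client connects to
  case $2 in
    *[!0-9.]*) flag=-checkhost ;;
    *)         flag=-checkip ;;
  esac
  openssl x509 -in "$1" -noout "$flag" "$2" | grep -q 'does match'
}

chain_ok() {  # $1 = lab dir, optional $2 = intermediate certificate to supply
  openssl verify -CAfile "$1/root.crt" ${2:+-untrusted "$2"} "$1/server.crt" >/dev/null 2>&1
}

LAB=$(mktemp -d)
build_lab_pki "$LAB" firewall.lab.example 192.0.2.10
for name in firewall.lab.example 192.0.2.10 192.0.2.99 lab-server; do
  name_matches "$LAB/server.crt" "$name" && echo "$name: match" || echo "$name: MISMATCH"
done
chain_ok "$LAB" "$LAB/int.crt" && echo "chain with intermediate: OK"
chain_ok "$LAB" || echo "chain without intermediate: FAIL"
```

The server certificate's CN (lab-server) does not match because openssl ignores the common name once DNS entries are present in the subject alternative names. The same `name_matches` check can be pointed at a certificate file exported from the firewall.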
@fadyali6349 7 years ago
Hi there, I did it step by step and I am now facing an SSL error response from the pfsense IP Web GUI. Help plz ^^
@fadyali6349 7 years ago
I solved the issue by checking Enable Secure Shell under System\Advanced\Admin Access
@VMNerd 7 years ago
Glad you got your issue resolved. Some of the browsers don't like when you use unsigned certificates that they do not recognize.
@omar72osm 7 years ago
Hi, it's good. I have a question about installing the certificate under the Ubuntu trusted list. Thanks
@VMNerd 7 years ago
Please ask the question. What is it that you are trying to do?
@omar72osm 7 years ago
Hi, you mentioned the way of adding a CA under Windows. How can I do the same thing under Ubuntu 14.04?
@VMNerd 7 years ago
Give this a try:
- Go to /usr/share/ca-certificates/
- Create a new folder, i.e. "sudo mkdir CAName"
- Copy the .crt file into the CAName folder
- Make sure the permissions are OK (755 for the folder, 644 for the file)
- Run "sudo update-ca-certificates"
@omar72osm 7 years ago
Dear sir. I followed the instructions above and after that I tried browsing the pfsense with HTTPS, but the page still sends the message "your connection is not secure"
@VMNerd 7 years ago
Let me test this scenario in my lab