
Topic: Certificate and password for web GUI for login? Basic instructions...Argggg


Gertjan
Re: Certificate and password for web GUI for login? Basic instructions...Argggg
« Reply #15 on: February 03, 2018, 01:06:39 pm »
@V3lcr0: good!! (and sorry for the thread hijacking)

@johnpoz :
I know ;) Good things are not always for free: I needed a domain name, let's call it "this-is-my-business.net".

But I guess I had no alternative, because I'm also using the pfSense's captive portal on a public site.
I wanted the login to happen on a "https://captiveportal.this-is-my-business.net.net"** and in this case the company was good for the couple of $ a year for the domain name.
A public portal with a self signed cert is a no-go.

** I actually don't know why I preferred an "https" captive portal login over an http login, but it works great for everybody (read: my clients) so they are happy, which makes me happy.
Maybe because wifi networks placed in front of a captive portal are not (should not be) WPS or EAS encoded - the radio connection is "open" - everybody can join right away.
And, everything is https these days, right? ;)

And because I was using the acme package for this cert, I also added "pfsense.captiveportal.this-is-my-business.net", and some more, for free ^^

johnpoz
Re: Certificate and password for web GUI for login? Basic instructions...Argggg
« Reply #16 on: February 03, 2018, 03:57:21 pm »
Dude, if your box has been compromised and remoted.. What is 2FA going to do for your password to your firewall? And how would they know your password? You storing it in clear text on your machine..

I think your tin foil hat is a bit too tight really... But as stated, if you want to really lock it down - only allow VPN in.. to hit your GUI, and use OTP for that...
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)