PFSense Self Signed Certs Problem - post upgrade to 6.10.3 from 6.9.2 (Solved)


Having a real problem getting my pfsense self signed certs to work since the upgrade (they were working before upgrade). When I put the <name>_unraid_bundle.pem file into the certs folder, and either reboot or restart nginx, the pem file gets immediately overwritten. I have tried re-issuing new certs, updating/changing the server name and issuing new certs, using wildcard certs (which work in my docker nginx), and I am at a loss as to what I am doing wrong.

This is the cert :

[screenshot]

 

The server name matches :
[screenshot]

 

I export the .key & .crt from pfsense and cat them together into the pem file on unraid, but it just gets overwritten immediately, with an internally signed cert.
I have installed my ca into windows so any certs issued are trusted:
[screenshot]
 

but on unraid it's just:
[screenshots]

 

I'm obviously doing something wrong, or have misread something, can anyone shed any light please?

 

Update: Validating the Subject in the pem file:
[screenshot]

Edited by Minty Trebor
more info

Solved by ljm42

Unraid determines its url from the [servername].[localTLD] settings. If that url is not valid for the certificate you provide, it will get deleted and replaced with a self-signed certificate that is valid for those settings.

 

So if you want this to be the url to the server:
  homesvr3.rjbhome.localdomain

 

First you need to ensure DNS resolves homesvr3.rjbhome.localdomain to the server's IP address

(I'm guessing you've already done this)

 

Then on Settings -> Identification you need to set the "servername" to:
  homesvr3 
(you have already done this)

 

And on Settings -> Management Access you need to set the "Local TLD"  to:
  rjbhome.localdomain
(you need to do this)

 

And the certificate needs to be valid for either of these urls:
  homesvr3.rjbhome.localdomain

  *.rjbhome.localdomain
(you have already done this)

 

For more details see:
  https://wiki.unraid.net/Manual/Security#Securing_webGui_connections_.28SSL.29 

 

I have made some assumptions, so if you have further questions please upload your diagnostics.zip file (from Tools -> Diagnostics) to your next post in this thread.
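The check described in the reply above can be run by hand before dropping a bundle into place. This is an added example, not part of the original post and not Unraid's own validation code: the function names are hypothetical, the demo certificate is constructed, and the mistyped Local TLD is reconstructed from the typo described later in the thread. It relies on `openssl x509 -checkhost`, which applies the usual exact-name and wildcard matching.

```shell
#!/bin/bash
# Added example (not Unraid's code): does a certificate bundle cover the
# URL built from the "servername" and "Local TLD" settings?

# Build the name as the reply describes it: [servername].[localTLD]
derived_fqdn() {
    printf '%s.%s\n' "$1" "$2"
}

# Usage: bundle_covers <servername> <localTLD> <bundle.pem>
# Returns 0 when the first certificate in the bundle is valid for the
# derived name (exact or wildcard match), 1 otherwise.
bundle_covers() {
    local fqdn
    fqdn=$(derived_fqdn "$1" "$2")
    # openssl prints "Hostname <name> does match certificate" or
    # "Hostname <name> does NOT match certificate".
    openssl x509 -in "$3" -noout -checkhost "$fqdn" 2>/dev/null \
        | grep -q 'does match certificate'
}

# Constructed sample input: a throwaway self-signed wildcard certificate,
# concatenated with its key into <dir>/demo_unraid_bundle.pem.
make_demo_bundle() {
    local dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=*.rjbhome.localdomain' \
        -addext 'subjectAltName=DNS:*.rjbhome.localdomain' \
        -keyout "$dir/demo.key" -out "$dir/demo.crt" 2>/dev/null
    cat "$dir/demo.crt" "$dir/demo.key" > "$dir/demo_unraid_bundle.pem"
}

# Walk through the thread's scenario with the constructed bundle.
demo() {
    local tmp tld
    tmp=$(mktemp -d)
    make_demo_bundle "$tmp"
    for tld in rjbhome.localdomain rjbhome.localdomian; do
        if bundle_covers homesvr3 "$tld" "$tmp/demo_unraid_bundle.pem"; then
            echo "OK:       $(derived_fqdn homesvr3 "$tld")"
        else
            echo "MISMATCH: $(derived_fqdn homesvr3 "$tld") (bundle would be replaced)"
        fi
    done
    rm -rf "$tmp"
}
```

Source the file and run `demo`, or call `bundle_covers` with your own server name, Local TLD and bundle path.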

  • Author

Thanks for replying, the LocalTLD setting is not set to the correct value, there was a typo. I could have sworn I did not change this during the upgrade... And I didn't spot it until I took a screenshot to post in this reply. I transposed 2 letters...

Thanks !! :D

Edited by Minty Trebor
IDOCY

  • Solution

Oh, your screenshot of the Local TLD shows a typo:  domian instead of domain

  • Author

Yes, I spotted it as I posted, edited reply above!

 

Thanks Again

 

  • Minty Trebor changed the title to PFSense Self Signed Certs Problem - post upgrade to 6.10.3 from 6.9.2 (Solved)

Great! Glad it is working now.

 

SSL support has been reworked in 6.10 to be more secure.  The LocalTLD setting had minimal impact in 6.9 so you might not have noticed the typo previously. In 6.10 the LocalTLD is used to generate the server's url, so it is much more important.

  • Author

Ahh, so it could have been wrong all the time! - makes sense - at least I know I'm not going crazy!!

:D

 
