Internet > General Internet

Self-Signed Certificates on OPNSense

(1/2) > >>

Chunkers:
I was wondering if anyone could give me some advice on Self Certified Certificates and whether it is worth it / possible to use Lets Encrypt or something similar to prevent a browser always alerting "your connection is not private". Are self signed certificates much of a risk for a home OPNsense user?

I was reading this guys website on the subject.

Is a registered domain a necessity?  I do currently have one, but the service I use doesn't appear to allow me to generate the necessary tokens

Just curious really, and also a bit annoyed that every time I access my OPNsense webUI I have to 'Proceed unsafely'

C

Alex Atkin UK:
I continue to use http to avoid this hassle, also as I have custom cgi scripts my server probes on pfSense to monitor router activity.

I just don't see how SSL improves security in any way on a private home network.

Chunkers:

--- Quote from: Alex Atkin UK on May 18, 2024, 07:08:35 PM ---I continue to use http to avoid this hassle, also as I have custom cgi scripts my server probes on pfSense to monitor router activity.

I just don't see how SSL improves security in any way on a private home network.

--- End quote ---

thanks, thats helpful, and give me pause for thought :)

Alex Atkin UK:
I mean sure if you have malware on the network it can snoop your login password without SSL.  But then if you have malware on your network it could also be a keylogger on the PC or just brute-force the login.  So SSL seems kinda redundant at that point.

kitz:
I think I'd tend to agree wondering if it is worth it.   
I get errors if working on the website with the pages held on my PC.   There's also the warning padlock if you visit your modem/router.  However the effort involved in sorting it if it is just you on your LAN can be a pita. Youre not trying to prove to customers that youre keeping any financial transactions or customer data secure and establishing a secure encrypted connection between your webserver and their browser.

Yes, you do need a registered domain as you need to set a CNAME & set up the DNS server also iirc the max time for letsencrypt certs are 3month, so you'd need to remember to redo every 3mth. Setting up SSL may be a piece of cake for some, but I was more than happy to let my webhosts sort it all for the main site.

Navigation

[0] Message Index

[#] Next page

Go to full version