pfSense FreeNAS ssl

[James1432]

Happy New year to all!!

This is probably a real noob question..

Been following the guides set up by Joshua Ruelig for the plugins on FN9.10
Pleased to say FreeNAS/plex and nextcloud work beautifully.. also set up a pfsense router and have a FQDN for all of them bar plex and no external connection for FreeNAS. The nextcloud plugin connects to godaddy via dns resolver on pfsense via http.

Question is how do I create a an SSL for all of them? I have a godaddy SSL and would like to use that if possible. Godaddy are charging $100 for the install. Managed to get the godaddy guy to say that I need a intermediate cert from their repository.

Forgive me if I'm wrong but thought I could cover all my nodes with the same SSL on pfSense?

Regards

James

 

[dlavigne]

Did you find a way to do this?

 

[m0nkey_]

If you want to cover all your web applications, you can set-up a reverse proxy (Squid or ha-proxy) on your pfSense box and use Lets Encrypt to generate a valid SSL certificate.

https://letsencrypt.org/getting-started/

 

[James1432]

Didn't go any further with godaddy in the end dlavigne. Thanks m0nkey will give that a go! couple of questions though if I may..

Assuming that I am doing this install on pfsense or it it per device?

is it a full ssl cert?

How do I create one to include my sans?

i.e nextcloud, freenas etc

Sorry awful at ssl

Regards

James

 

[James1432]

Did you find a way to do this?

No joy.. went to the godaddy ssl repo and downloaded the . pem file but wasn't in the right format again. Had no idea what to do from that point but the Apache bsd file is there. Sorry my knowledge gos as far as youtube and people like your good self.

 

[Jailer]

How do I create one to include my sans?

A wildcard cert is what you would need and that's going to be expensive.

Set up a proxy server as @m0nkey_ has suggested and go with let's encrypt. Lets Encrypt does not support wildcard certificates so you'll have to either set up your proxy to do SSL termination or set each jail up as a subdomain and get a cert for each.

 

[James1432]

Hey Jailer,

Many thanks for that! will get on this in the morning

was just looking at the Nextcloud forum and noticed the same process for nextcloud ssl generation in nginx.

Not wanting to assume anything can I go ahead and do that?

Regards

James

 

[Jailer]

was just looking at the Nextcloud forum and noticed the same process for nextcloud ssl generation in nginx.

Not wanting to assume anything can I go ahead and do that?

I have no idea what that process is. Is it for generating a self signed certificate?

 

[James1432]

so sorry..

Followed m0nkeys link to letsencrypt and went through the install methods there, seems pretty straight forward?

The install method I was planning to use as described there was the ssh certbot.. for apache.. on freebsd. For both pfsense and the freenas seperately.. then

ssh certbot.. for nginx.. on freebsd directly in the Nextcloud jail?

I also assume that plex needs to be kept in squid transparent proxy?

 

[Kevin Horton]

I created a dataset for letsencrypt, and added it to multiple jails, mounting it at /etc/letsencrypt in each jail. This lets me use the SSL certificates in multiple jails, but only have to create and update them from one jail.