Managing pfSense via SSH: Persistent SSL certificates?

Good afternoon!

I’m new to this whole SSL thing, please excuse my inexperience.

I have successfully created and then installed the certificate authority, sub-authority and certificate for both my Windows 10 and macOS Mojave machines. They are able to securely access my pfSense firewall via HTTPS, both from the internal LAN and from the WAN, externally.

When I tunnel through SSH, I lose the SSL security. Is there any way to point the localhost:443 connection to that same pfSense keychain that already exists on the machines?

If not, how would I create the keychain for that tunneled connection?

Thank you for any and all contributions to assist.

-Darryl

Why wouldn’t you just set up a VPN connection to the pfSense box for remote access from outside of the LAN? You could then SSH into it if needed.

2 Likes

Agree with @BlackBoxSystems. Open the fewest ports possible on the WAN side. If there’s a compromise or DoS available for the webserver or SSH, your router could go down or get pwned. Less chance of a compromise for OpenVPN, and you’d see logs of the VPN connection attempts by an attacker.

While you’re at it, firewall the open port with a whitelist: only accept connections from the IP addresses/ranges you know you’ll be using as clients.

1 Like
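The source-address whitelist suggested above is something pfSense enforces in its firewall rules (an alias of allowed networks as the rule's source); the following is an added illustration, not code from this thread or from pfSense, of the decision that rule makes. It reads a few constructed connection attempts ("source IP, destination port"), checks each source against a list of allowed client networks with Python's `ipaddress` module, and tallies blocked attempts per source so you can see which unknown addresses are knocking on the open port. The networks and attempts are constructed sample values.

```python
import ipaddress

# Constructed allow-list: the client networks the operator knows they will
# connect from (documentation ranges used as placeholders).
ALLOWED_SOURCES = [
    ipaddress.ip_network("198.51.100.0/24"),   # office range (constructed)
    ipaddress.ip_network("203.0.113.17/32"),   # home static IP (constructed)
]

# Constructed sample connection attempts, not real pfSense log output.
# One attempt per line: "<source_ip> <destination_port>"
SAMPLE_ATTEMPTS = """\
198.51.100.42 443
203.0.113.17 22
192.0.2.99 443
192.0.2.99 22
198.51.100.7 22
"""


def is_allowed(src_ip: str, allowed=ALLOWED_SOURCES) -> bool:
    """Return True if src_ip falls inside any allowed network.

    ipaddress handles both IPv4 and IPv6; an address never matches a
    network of the other family, so mixed lists are safe.
    """
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in allowed)


def evaluate(attempts: str, allowed=ALLOWED_SOURCES):
    """Classify each attempt as 'pass' or 'block'.

    Returns (decisions, blocked_by_source) where decisions is a list of
    (src_ip, port, verdict) tuples and blocked_by_source counts blocked
    attempts per source address, i.e. what you would review in the logs.
    """
    decisions = []
    blocked_by_source = {}
    for line in attempts.splitlines():
        if not line.strip():
            continue
        src, port = line.split()
        verdict = "pass" if is_allowed(src, allowed) else "block"
        decisions.append((src, int(port), verdict))
        if verdict == "block":
            blocked_by_source[src] = blocked_by_source.get(src, 0) + 1
    return decisions, blocked_by_source


if __name__ == "__main__":
    decisions, blocked = evaluate(SAMPLE_ATTEMPTS)
    for src, port, verdict in decisions:
        print(f"{src:>16} -> :{port}  {verdict}")
    print("blocked attempts per source:", blocked)
```

The same check applies whichever service is exposed (OpenVPN, SSH or the web GUI): the rule decides on the source network before the service ever sees the packet, which is why the replies pair a whitelist with the smallest possible set of open ports.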

Don’t open WAN ports as it is just not a good idea as you are increasing your attack surface. Use OpenVPN.

Thank you for the replies. I’ll go with the VPN option. If there are any issues, I’ll open a new thread for that topic.

All feedback very much appreciated.