Thanks for your help Lyle.  I've seen this solution...

SSLEngine On
SSLCertificateFile /etc/httpd/ssl/*.serverdensity.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/*.serverdensity.com.key
SSLCertificateChainFile /etc/httpd/ssl/gd_bundle.crt

But since pfSense uses lighttpd, I don't know how to add this line.  And
it gets overwritten by the xml config file during reboot.

-Jon

From: Lyle Giese [mailto:l...@lcrcomputer.net] 
Sent: Thursday, January 21, 2010 1:16 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Certificate Errors (Safari and Internet
Explorer) using GoDaddy Wildcard SSL Certificates for Captive Portal SSL
Login Page

 

Chris Buechler wrote: 

On Thu, Jan 21, 2010 at 3:20 PM, Tancinco, Jon <tanci...@humnet.ucla.edu> wrote:

        Hello.

        I'd appreciate any help in getting GoDaddy wildcard certificates for Captive
        Portal SSL Authentication page configured correctly for IE and Safari
        browsers.  I have entered the certificate and private key from the pem file
        from GoDaddy.

        Currently, the authentication page loads fine on Firefox - maybe a bit
        slow.  No SSL errors.

        On Safari, the authentication page comes up with "can't verify the identity
        of the website".

        Using IE, I get the following "There is a problem with this website's
        security certificate." error.

That's a problem with the cert. That means the CA that signed your
cert isn't trusted by those browsers. That's what you get at times
with cut rate CAs like Godaddy, though that's where we get our certs
and I haven't seen any such issues on ours, I have on other certs I've
gotten from Godaddy in the past. I would contact them and complain,
any cert you pay for should be recognized by all the major browsers.

We have a partnership with Network Solutions for certs from them and for
websites, there is a way to include intermediate CA certs to make the
certs from NetSol valid for all browsers.

SSLCertificateFile /etc/httpd/conf/ssl/<name of cert file>.crt

SSLCertificateKeyFile /etc/httpd/conf/ssl/<name of key>.key

SSLCertificateChainFile /etc/httpd/conf/ssl/inter_ca.crt


This last file is what does the magic for a webserver running Apache.
I don't know all the ins and outs of this, but this last file is the one
that completes the chain from the site cert to the CA certs.  I would
bet there is something like that available for the GoDaddy certs, but if
pfSense has a way to include that I don't know.

Here's the link to NetSol's docs on this issue:

http://www.networksolutions.com/support/installing-ssl-certificate-topics/ (click on the big green plus symbol on this screen)

Here's a link at GoDaddy on their intermediate CA certs:

http://help.godaddy.com/article/869

Lyle Giese
LCR Computer Services, Inc.
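
The chain behaviour discussed in this thread can be reproduced offline with the openssl command line; the script below is an added example, not part of the original messages. It builds a throwaway root CA, intermediate CA and server certificate (all subject names are constructed), then verifies the server certificate with and without the intermediate file, which plays the role of the file passed to SSLCertificateChainFile.

```bash
#!/usr/bin/env bash
# Added illustration: root CA -> intermediate CA -> server cert, throwaway keys.
# Subject names and file names are constructed for this demo.
set -e

build_chain() {  # $1 = scratch directory
  local d=$1
  # Self-signed root: stands in for the CA certificate a browser already trusts.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root CA" \
    -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
  # The intermediate must be marked as a CA or it cannot sign other certs.
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate CA" \
    -keyout "$d/inter.key" -out "$d/inter.csr" 2>/dev/null
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/inter_ca.crt" 2>/dev/null
  # Server certificate issued by the intermediate, not by the root.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=portal.example.test" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
  openssl x509 -req -in "$d/server.csr" -CA "$d/inter_ca.crt" -CAkey "$d/inter.key" \
    -CAcreateserial -days 2 -out "$d/server.crt" 2>/dev/null
}

verify_with() {  # $1 = scratch directory, remaining args = extra verify options
  local d=$1
  shift
  # Only the root is trusted; anything else must be supplied alongside the cert.
  if openssl verify -CAfile "$d/root.crt" "$@" "$d/server.crt" 2>&1 | grep -q ': OK$'; then
    echo ok
  else
    echo broken
  fi
}

work=$(mktemp -d)
build_chain "$work"
# Server sends only its own cert: the client cannot link it to the trusted root.
echo "server cert alone:          $(verify_with "$work")"
# Server also sends the intermediate: the chain to the root is complete.
echo "server cert + intermediate: $(verify_with "$work" -untrusted "$work/inter_ca.crt")"
rm -rf "$work"
```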
