Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SSL Certificate Authority Error Upon Initial Install

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    4 Posts 2 Posters 956 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      nathan99403
      last edited by

      Guys, do I actually have to get my own SSL cert signed by a secure server for this thing to work properly out of the box ?If so I need some advice on obtaining one, or otherwise information on how to get rid of this Chrome version 58+ SSL Certificate Authority Error that is now plaguing the internet as of such...

      ERROR REPORT LOGIN 192.168.1.1
      FIRST DAMN THING YOU SEE

      Your PC doesn’t trust this website’s security certificate.
      The hostname in the website’s security certificate differs from the website you are trying to visit.
      Error Code: DLG_FLAGS_INVALID_CA
      DLG_FLAGS_SEC_CERT_CN_INVALID
      HELP ME FIX THIS PLEASE WORD FOR WORD
      all-ready made new CA & Certificate authoritive signatures
      Now do they need to be signed by a secure encoder online?
      If so I need step by step instructions from there
      Thank YOU
      MWHN

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by stephenw10

        That's not a problem, that's the expected behaviour. The Certificate is self-signed so Chrome does not trust it by default.
        You can replace it with a cert signed by a known CA.
        You can import the CA you just created so it sees the new server cert as valid.
        You could use a Let's Encrypt cert: https://www.netgate.com/docs/pfsense/certificates/acme-package.html
        You could just use a different browser and import the certificate permanently.
        Or you could accept that behaviour in Chrome and just acknowledge the warning every time. It forces you to check the site is correct rather than just entering your password in something that looks like your firewall because it has a green padlock.

        Steve

        1 Reply Last reply Reply Quote 0
        • N
          nathan99403
          last edited by

          Thanks Stephen,
          All that you stated is true; however, in general I tried the ACME approach and got a secure signed certificate now the web configurator still has a certificate error even though its signed. Imported the certificate as well still s no go.
          What am I missing
          Thanks
          NWB

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            The certificate probably doesn't match the server name. You need to add the fqdn as an alternate name. I also added an IP address in there so I can connect either way. It worked here for me in Chromium after I imported the CA that signed the new cert.

            Steve

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.