Opera Not Accepting Certificate (solved)
-
@provels said in Opera Not Accepting Certificate:
@johnpoz Tried that before. I used the Internal CA I created for OpenVPN. Added the CA cert to Trusted Roots. Created a new webConfigurator cert and added it to Trusted Roots as well. Still prompted at FW logon. Don't know why but not a big deal. Must be me.
Just for knowledge Provels, where or how to add to Trusted Roots?
-
@NollipfSense After you create the CA, from the CAs tab, choose the gear icon and export the CA cert.
Then you can go to Opera's Menu\Settings\Advanced\Privacy and Security\Manage Certificates, choose the "Trusted Root Certificate Authorities" tab, click the "Import" button and browse to the cert that you exported. If you're a Windows person you can also Google up using the Microsoft Management Console to manage certs.
Peder
MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic) -
On a Mac click on the cert and trust it in keychain.
Andy
1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22
-
Here i have gone over this like 4 or 5 times over years with pictures every time... Here is the latest version since pics got lost in the forum update.
https://forum.netgate.com/post/831783
I use these certs singed by ca on all devices on my local network that need certs.. Make them good for 10 years and never have to touch them again. No need for acme, etc. And you can use rfc1918 in the san to access them without any complaints from the browser.
-
@provels I am using Opera version 60 and when one clicks on manage certificate, it launches Keychain...there is no option to import the. certificate.
-
This https://wiki.wmtransfer.com/projects/webmoney/wiki/Installing_root_certificate_in_Opera ?
No "help me" PM's please. Use the forum, the community will thank you.
Edit : and where are the logs ?? -
@NogBadTheBad I had already done that before my first post...still no luck as Proovels had also discovered.
-
@NollipfSense said in Opera Not Accepting Certificate:
@NogBadTheBad I had already done that before my first post...still no luck as Proovels had also discovered.
Well Opera isn't looking at the Certs trusted by your computer, works fine for me using Safari.
You should either use a browser that works or post on the Opera forum, it's not a pfSense issue.
https://forums.opera.com/topic/25032/certificates-refused-by-opera-accepted-by-other-browsers
-
@NogBadTheBad Well, I might try another browser other than Safari or Firefox as these are my regular web browsing browsers.
-
@Gertjan I am using Opera version 60 and when one clicks on manage certificate, it launches Keychain...there is no option to import the certificate. It doesn't present those pop up window as in the Windows OS.
-
Not a solution, but :
I just tried a self-mode cert, installed it in IE11 (Windows 7) -> This was a no go : vert is self signed IE refuses without any possible exception possible.
Firefox was more specific : self signed certs are refused - although I guess this could be over ridden with some internal settings. But in that case ALL self signed certs would be trusted, also the ones it finds on the net. That's a huge no go.
Better : I was using a Let's Enscrypt cert for my pfSense ** access, and "HTTP Strict Transport Security" was active.
this means I just can't replace certs for other certs (using other signing offices like myself) : this was a no go also.What works just great : if you can trust a 30 cm long Internet cable, it is possible to leave the GUI on plain http.
It's just you on the LAN - and only YOU - communicating over a 30 cm cable. Just watch that cable, and check that no body is wire tapping it, and you'll be safe. You shouldn't mind that info goes over that cable non-encrypted.
Put all other users on an second OPTx interface, and on this interface you just lock down any GUI access.
You'll be very safe, no cert hassle - nothing to set up, nothing to maintain.** Let's Enscypt root certs are trusted by any browser so this is also a click-it-and-forget-it solution.
-
Not sure why this is so difficult - can you not google?
On windows opera 60 just uses the windows cert store... Click on the manage your certs and install it..
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.11 | Lab VMs 2.7.2, 24.11 -
Thanks guys for chiming in...I got it working with Vivaldi browser that is very surprising considering it's a chromium like browser just like Opera. So, Vivaldi is for WebGUI.
-
@johnpoz He's using a Mac John
-
Then trust the CA on the mac..
Simple google show to click it to open it up on keychain access, copy it to system and then set its trust to always trusted..
-
@johnpoz said in Opera Not Accepting Certificate (solved):
Then trust the CA on the mac..
Simple google show to click it to open it up on keychain access, copy it to system and then set its trust to always trusted..
John, I said in the first post that it was set to always trust. It not the first time I am dealing with certificates.
-
I see this §$%&#!+ behaviour as well and that's why I switched to Opera (from Safari) where it was handled a bit easier.
I still don't get it why this is enforced on RFC1918 addresses as well. Makes no sense and is a PITA. Safari wants me to enter admin pwd just to access the GUI of a new bought switch (to unsuccessfully save an exception in keychain).
RFC1918 is RFC1918. That's why we have it.
</rant> -
If the rfc1918 is not listed as a san in the cert then your browser is right to yell at you about it..
And there is a big difference in trying to trust or add an exception to a self signed and trusting a CA that signed a cert.. Your first post was about the first and you can trust that cert all day long and new browsers will still yell about it..
As to your first time working with certs - why are you here then? Asking the question? This is all basic 101 level shit..
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.11 | Lab VMs 2.7.2, 24.11 -
@johnpoz said in Opera Not Accepting Certificate (solved):
As to your first time working with certs - why are you here then? Asking the question? This is all basic 101 level shit..
John, I am not the only one that had certificate issue as others had posted to this thread to confirm. The issue wasn't about basic 101 level, and not everyone is a network engineer. I am a network enthusiast, and I got it resolved.
-
@johnpoz said in Opera Not Accepting Certificate (solved):
If the rfc1918 is not listed as a san in the cert then your browser is right to yell at you about it..
This is what my issue was. Once I recreated the FW cert to include the IP in the SAN, it just worked. I was also able to use the FW CA to create one for my FreeBSD NAS (XigmaNAS), export the cert and the key and write them into the appropriate fields in the NAS setup. As far as this being "101 shit", I managed plenty of certs in my career but never needed/wanted to install one on an inside network device. Again, the team knew where the browser was going, so why bother? Besides, if we all knew everything, we'd be answering the questions instead of asking them...
