• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

SSL Certificate Authority Error Upon Initial Install

Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
4 Posts 2 Posters 945 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • N
    nathan99403
    last edited by Sep 2, 2018, 5:44 PM

    Guys, do I actually have to get my own SSL cert signed by a secure server for this thing to work properly out of the box ?If so I need some advice on obtaining one, or otherwise information on how to get rid of this Chrome version 58+ SSL Certificate Authority Error that is now plaguing the internet as of such...

    ERROR REPORT LOGIN 192.168.1.1
    FIRST DAMN THING YOU SEE

    Your PC doesn’t trust this website’s security certificate.
    The hostname in the website’s security certificate differs from the website you are trying to visit.
    Error Code: DLG_FLAGS_INVALID_CA
    DLG_FLAGS_SEC_CERT_CN_INVALID
    HELP ME FIX THIS PLEASE WORD FOR WORD
    all-ready made new CA & Certificate authoritive signatures
    Now do they need to be signed by a secure encoder online?
    If so I need step by step instructions from there
    Thank YOU
    MWHN

    1 Reply Last reply Reply Quote 0
    • S
      stephenw10 Netgate Administrator
      last edited by stephenw10 Sep 2, 2018, 7:16 PM Sep 2, 2018, 7:02 PM

      That's not a problem, that's the expected behaviour. The Certificate is self-signed so Chrome does not trust it by default.
      You can replace it with a cert signed by a known CA.
      You can import the CA you just created so it sees the new server cert as valid.
      You could use a Let's Encrypt cert: https://www.netgate.com/docs/pfsense/certificates/acme-package.html
      You could just use a different browser and import the certificate permanently.
      Or you could accept that behaviour in Chrome and just acknowledge the warning every time. It forces you to check the site is correct rather than just entering your password in something that looks like your firewall because it has a green padlock.

      Steve

      1 Reply Last reply Reply Quote 0
      • N
        nathan99403
        last edited by Sep 2, 2018, 8:13 PM

        Thanks Stephen,
        All that you stated is true; however, in general I tried the ACME approach and got a secure signed certificate now the web configurator still has a certificate error even though its signed. Imported the certificate as well still s no go.
        What am I missing
        Thanks
        NWB

        1 Reply Last reply Reply Quote 0
        • S
          stephenw10 Netgate Administrator
          last edited by Sep 2, 2018, 8:31 PM

          The certificate probably doesn't match the server name. You need to add the fqdn as an alternate name. I also added an IP address in there so I can connect either way. It worked here for me in Chromium after I imported the CA that signed the new cert.

          Steve

          1 Reply Last reply Reply Quote 0
          4 out of 4
          • First post
            4/4
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
            This community forum collects and processes your personal information.
            consent.not_received