SSL Certificate Authority Error Upon Initial Install
-
Guys, do I actually have to get my own SSL cert signed by a secure server for this thing to work properly out of the box ?If so I need some advice on obtaining one, or otherwise information on how to get rid of this Chrome version 58+ SSL Certificate Authority Error that is now plaguing the internet as of such...
ERROR REPORT LOGIN 192.168.1.1
FIRST DAMN THING YOU SEEYour PC doesn’t trust this website’s security certificate.
The hostname in the website’s security certificate differs from the website you are trying to visit.
Error Code: DLG_FLAGS_INVALID_CA
DLG_FLAGS_SEC_CERT_CN_INVALID
HELP ME FIX THIS PLEASE WORD FOR WORD
all-ready made new CA & Certificate authoritive signatures
Now do they need to be signed by a secure encoder online?
If so I need step by step instructions from there
Thank YOU
MWHN -
That's not a problem, that's the expected behaviour. The Certificate is self-signed so Chrome does not trust it by default.
You can replace it with a cert signed by a known CA.
You can import the CA you just created so it sees the new server cert as valid.
You could use a Let's Encrypt cert: https://www.netgate.com/docs/pfsense/certificates/acme-package.html
You could just use a different browser and import the certificate permanently.
Or you could accept that behaviour in Chrome and just acknowledge the warning every time. It forces you to check the site is correct rather than just entering your password in something that looks like your firewall because it has a green padlock.Steve
-
Thanks Stephen,
All that you stated is true; however, in general I tried the ACME approach and got a secure signed certificate now the web configurator still has a certificate error even though its signed. Imported the certificate as well still s no go.
What am I missing
Thanks
NWB -
The certificate probably doesn't match the server name. You need to add the fqdn as an alternate name. I also added an IP address in there so I can connect either way. It worked here for me in Chromium after I imported the CA that signed the new cert.
Steve