Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    "Certificate is not valid" While Also "Certificate is OK"

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 2 Posters 1.1k Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • areckethennuA Offline
      areckethennu
      last edited by

      I've just done a fresh install of pfSense CE 2.5.2 onto a new Protectli VP2410 and set things up. I'm now trying to get the pfSense certificate into Windows 10 so I can browse to the box and not get the "Your connection is not private" warning and have to click through it. Supposedly, I managed to export the certificate from my browser and imported it into Windows via MMC. But, when I try browsing to the box, I get the same "Your connection is not private" warning. This time, though, when I click on the View Site Information area of the URL bar, along with seeing the message "Certificate is not valid" on the overview area, I also see the message "This certificate is OK" under Certification Path tab (and all seems good on the General tab, as well).

      On my initial certificate export/import process, I went to View Site Information > Certificate is not valid > Details > Copy to File and accepted all the defaults (DER encoded binary X.509 (.CER)) for the resulting Certificate Export Windows. I then searched for MMC on my computer, went to File > Add/Remove Snap-In > Certificates > Add > Computer Account > Local Computer. Then I right-clicked on Console Root > Certificates (Local Computer) > Trusted Root Certification Authorities > Certificate and chose All Tasks > Import. I picked the certificate file I just exported and "Place[d] all certificates in the following store" (Trusted Root Certification Authorities). Everything was fine.

      I then re-exported the certificate but chose the second format (Base-64 encoded X.509 (.CER)) in the Certificate Export Wizard. Re-imported it and got the same result.

      Any suggestions?

      I'm just a home user with pfSense 23.09-RELEASE (amd64) on a Protecli VP2410

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ Offline
        johnpoz LAYER 8 Global Moderator @areckethennu
        last edited by

        @areckethennu if you want your cert to not throw any flags, you really need either use a cert that is signed by CA you trust, like acme. Or you need to create you own CA, and have your browser trust that CA.

        Not sure you can get any sort of selfsigned cert to not throw any flags, even lets you in without having to click an extra thing.

        Here is a walk through I did back in 2019
        https://forum.netgate.com/post/831783

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        areckethennuA 1 Reply Last reply Reply Quote 1
        • areckethennuA Offline
          areckethennu @johnpoz
          last edited by

          @johnpoz Thanks for that walkthrough. I'd done something like that on my old pfSense box back in the day, but had entirely forgotten. I ran through the Certificate Manager routine (very similar today), but still had a problem: "This certificate cannot be verified up to a trusted certification authority." But, I went back through the MMC bit and added the CA I just created. That cleared it.

          Thanks, again.

          I'm just a home user with pfSense 23.09-RELEASE (amd64) on a Protecli VP2410

          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ Offline
            johnpoz LAYER 8 Global Moderator @areckethennu
            last edited by

            @areckethennu glad you got it sorted and I could be of help.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.