"Certificate is not valid" While Also "Certificate is OK"
-
I've just done a fresh install of pfSense CE 2.5.2 onto a new Protectli VP2410 and set things up. I'm now trying to get the pfSense certificate into Windows 10 so I can browse to the box and not get the "Your connection is not private" warning and have to click through it. Supposedly, I managed to export the certificate from my browser and imported it into Windows via MMC. But, when I try browsing to the box, I get the same "Your connection is not private" warning. This time, though, when I click on the View Site Information area of the URL bar, along with seeing the message "Certificate is not valid" on the overview area, I also see the message "This certificate is OK" under Certification Path tab (and all seems good on the General tab, as well).
On my initial certificate export/import process, I went to View Site Information > Certificate is not valid > Details > Copy to File and accepted all the defaults (DER encoded binary X.509 (.CER)) for the resulting Certificate Export Windows. I then searched for MMC on my computer, went to File > Add/Remove Snap-In > Certificates > Add > Computer Account > Local Computer. Then I right-clicked on Console Root > Certificates (Local Computer) > Trusted Root Certification Authorities > Certificate and chose All Tasks > Import. I picked the certificate file I just exported and "Place[d] all certificates in the following store" (Trusted Root Certification Authorities). Everything was fine.
I then re-exported the certificate but chose the second format (Base-64 encoded X.509 (.CER)) in the Certificate Export Wizard. Re-imported it and got the same result.
Any suggestions?
-
@areckethennu if you want your cert to not throw any flags, you really need to either use a cert that is signed by a CA you trust, like acme, or you need to create your own CA and have your browser trust that CA.
Not sure you can get any sort of self-signed cert to not throw any flags, even if it lets you in without having to click an extra thing.
Here is a walkthrough I did back in 2019:
https://forum.netgate.com/post/831783
-
@johnpoz Thanks for that walkthrough. I'd done something like that on my old pfSense box back in the day, but had entirely forgotten. I ran through the Certificate Manager routine (very similar today), but still had a problem: "This certificate cannot be verified up to a trusted certification authority." But, I went back through the MMC bit and added the CA I just created. That cleared it.
Thanks, again.
-
@areckethennu glad you got it sorted and I could be of help.
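
The fix that resolved this thread (adding the newly created CA to Trusted Root Certification Authorities through MMC) can also be done and checked from PowerShell. This is an added example, not part of the original posts; the two file paths are placeholders for the CA certificate and the web GUI certificate exported from pfSense.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Added example. Run from an elevated prompt: writing to
# Cert:\LocalMachine\Root requires administrator rights.
# Both paths are placeholders (assumptions), not values from the thread.
$CaPath     = 'C:\Temp\pfsense-ca.crt'      # CA certificate exported from pfSense
$ServerPath = 'C:\Temp\pfsense-webgui.crt'  # certificate the web GUI presents

function Test-CertChain {
    param([X509Certificate2]$Cert)

    $chain = [X509Chain]::new()
    # A private CA usually publishes no CRL or OCSP endpoint, so skip revocation.
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck

    # Build() checks the trust path only. The browser additionally matches
    # the host name in the URL against the names in the certificate.
    $trusted = $chain.Build($Cert)

    [pscustomobject]@{
        Trusted = $trusted
        Path    = @($chain.ChainElements | ForEach-Object { $_.Certificate.Subject })
        Status  = @($chain.ChainStatus |
                    ForEach-Object { "$($_.Status): $($_.StatusInformation.Trim())" })
    }
}

$server = [X509Certificate2]::new($ServerPath)

'Before importing the CA:'
Test-CertChain $server | Format-List

# Same effect as MMC > Certificates (Local Computer) >
# Trusted Root Certification Authorities > All Tasks > Import.
Import-Certificate -FilePath $CaPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

'After importing the CA:'
Test-CertChain $server | Format-List
```

A `Trusted` value of `False` with a `PartialChain` or `UntrustedRoot` status before the import corresponds to the "cannot be verified up to a trusted certification authority" message quoted above.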