Certificate error

stephenw10

It has to trust the CA that signed it. What is the actual cert error the browser shows?

It's not a problem though, that's the expected default behaviour.

Antibiotic

@stephenw10
your connection to this site is not secure
I had put pfsense certificate in trusted root place

the other

@Antibiotic just the server certificate or the CA certificate as well? You need the latter...(so your browser assumes your own CA is trustworthy)...

johnpoz

@Antibiotic if your just using the self signed cert pfsense generates, I don't know how you can trust this CA.. Because its not available to download..

Normally browsers will allow you to add an exception so it doesn't warn you every time.

Or just create your own CA, have your browser trust that CA, and then create and sign a cert with that CA for your webgui..

Antibiotic

@the-other warning : cert for this site is invalid

johnpoz

@Antibiotic what cert? the selfsigned cert pfsense creates on its own, or one you created with your own ca?

Antibiotic

@johnpoz said in Certificate error:

cert pfsense creates on its own

cert pfsense creates on its own

stephenw10

That can't work because there's no way to add the CA cert to the client so it will accept it.

You need to create a CA in pfSense. Use that to create a new server cert to use for the webgui. The import the CA cert ito the client so it trusts the server cert.

Antibiotic

@johnpoz I dont understanding. do I need to create additional CA client sert and put him to Windows trust cert as well?

stephenw10

Windows needs the CA cert so that when it sees the server cert in pfSense created by that it will trust it.

Antibiotic

@stephenw10 So , i need to delete default pfsense web gui cert. Creare new server and client cert and put both to Windows trust store?

stephenw10

Well I wouldn't delete the old webgui (server) cert before you created a new one! I don't think pfSense will allow you to do that.

Windows only needs the CA cert.

Antibiotic

@stephenw10 I did , put client CA to windows trsted store but nit working(((

stephenw10

Same error?

I would expect that to work so I would check the Windows has actually imported it correctly.

Antibiotic

@stephenw10 Yes same error

Antibiotic

@johnpoz

https://forum.netgate.com/topic/187774/port-restriction-rule

the other

@Antibiotic hm, strange...
I just imported my self-signed CA cert in my browsers certs (works for firefox as well as cromium under ubuntu, even working for androids).
With ubuntu I just put my CA cert into my browser's cert place, with android I imported into system. Both working...

So, did you import the CA cert or a server cert done with that CA? You need the former... :)

Antibiotic

@the-other I import CA client cert manually to trust store ,but its windows machines

stephenw10

@Antibiotic said in Certificate error:

I import CA client cert

There is no 'CA client cert' there is just the CA cert. This:

Antibiotic

@stephenw10

Creafed 2 cert for server and client and put to windows trust
store HomeCA