Hi,
I wanted to get rid of the no-https problem preventing me to use Firefox to access the OPNsense GUI and looked for a solution. I found a description of how to generate and install a self signed CA and certificate.
The part on OPNsense worked fine. But on the client side (Windows, Firefox, Chrome) something went wrong (most probably that I made an error myself) and now I can't access the GUI any more. :-(
Chrome gives me a NET::ERR_CERT_INVALID and when I click on the error I get:
PEM encoded chain, followed by two different certificates.
Can these help me to solve the problem? If yes, how?
I'm really not familiar with signing/certificates....
Axel
You need to import the CA certificate into your Windows trust store to make it work because Chrome is using it. If you cannot continue, you can use Firefox or IE to download the CA certificate from OPNsense.
You can also return to a backup from before the certificate change. Option 13 from the console.
Bart...
Quote from: fabian on May 20, 2018, 06:41:34 PM
You need to import the CA certificate into your Windows trust store to make it work because Chrome is using it. If you cannot continue, you can use Firefox or IE to download the CA certificate from OPNsense.
Thank you for the reply.
I know that I have to import TWO certificates: one for the self-signed CA. That worked, but the certificate for the site (OPNsense) failed.... and I can't find it locally...
And ALL the browsers request https, OPNsense answers (probably correctly) but due to the missing 2nd certificate the connection/authentication fails...
Currently there's no way (regardless of browser) to connect to the OPNsense firewall router using http/https.
Quote from: bartjsmit on May 20, 2018, 08:42:56 PM
You can also return to a backup from before the certificate change. Option 13 from the console.
Bart...
Thanks for the reply, this looks like it could work. I'll try that.
Quote from: mossi2000 on May 21, 2018, 03:41:07 PM
Quote from: bartjsmit on May 20, 2018, 08:42:56 PM
You can also return to a backup from before the certificate change. Option 13 from the console.
Bart...
Thanks for the reply, this looks like it could work. I'll try that.
Yep! worked like a charm.
Ready for the next trial.... :-)
Quote from: fabian on May 20, 2018, 06:41:34 PM
You need to import the CA certificate into your Windows trust store to make it work because Chrome is using it. If you cannot continue, you can use Firefox or IE to download the CA certificate from OPNsense.
This error message from Google Chrome Browser is one of the most common problems that everyone faces in our day to day life. Google Chrome warns you whenever it finds out any abnormal tracks taken while you browse things on the web. If you are getting the SSL error Net::ERR_CERT_DATE_INVALID (http://net-informations.com/q/mis/ssl.html) in chrome, it means your Internet connection or your computer is preventing Chrome from loading the page securely and privately.
Solutions:
Check System Date and Time
Disable Antivirus SSL Connection
Clear Cookies and Cached Files
Reset Chrome Browser
Open Chrome in Incognito Mode
Expired SSL Certificates
Update Chrome Browser