OPNsense Forum

English Forums => General Discussion => Topic started by: cnaslund on January 24, 2018, 01:49:51 am

Title: OPNsense 17.7.12-amd64 Web GUI HTTPS Not Trusted by Chrome63 or Edge
Post by: cnaslund on January 24, 2018, 01:49:51 am
Logging into OPNsense 17.1.12 URL using either an IP or a server name like opnsense.localdomain with Chrome 63 gives a warning that the OPNsense CA is not trusted. I added the CA certificate into Trusted Root Certificates and the browser (as well as Windows 10 Edge) refuses to trust the certificate.
I also created a self-signed certificate using the OpenSSL v3.ext in creation to use the new SubjectAltName with the server domain as alternate IP.1 IPV4 address and added it to the Trust section of OPNsense. I then added this self-signed certificate (along with my rootkeyCA.pem key) to my browsers. Both browsers still complain about OPNsense's CA certificate as being invalid.
Please advise on how I can fix this CA certificate.
Title: Re: OPNsense 17.7.12-amd64 Web GUI HTTPS Not Trusted by Chrome63 or Edge
Post by: franco on January 24, 2018, 07:32:54 am
Hi there,

If you are worried about trust why not buy a certificate or roll out Let's Encrypt via the os-acme-client plugin?


Cheers,
Franco
Title: Re: OPNsense 17.7.12-amd64 Web GUI HTTPS Not Trusted by Chrome63 or Edge
Post by: cnaslund on January 29, 2018, 11:48:33 pm
The issue is that my browser of choice complains about the invalid CA certificate that is provided with OPNsense installation. I just want the OPNsense website to be trusted by my browser(s). Please advise.
Title: Re: OPNsense 17.7.12-amd64 Web GUI HTTPS Not Trusted by Chrome63 or Edge
Post by: franco on January 30, 2018, 12:14:45 am
Sure, please buy a certificate or use Let's Encrypt (also usable via os-acme-client plugin).


Cheers,
Franco
Title: Re: OPNsense 17.7.12-amd64 Web GUI HTTPS Not Trusted by Chrome63 or Edge
Post by: mimugmail on January 30, 2018, 06:36:13 am
This is expected behavior, also with commercial vendors like Sophos or Cisco ASA. You'll get a self-signed certificate created by the wizard.

If you want it to stop, do this with Let's Encrypt, or create a CA with OPNsense and import it to your system, or just buy one (GlobeSSL should be one of the cheapest).
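
The private-CA route mentioned in the posts above (an OpenSSL `v3.ext` with `subjectAltName`, and a CA imported into the client), as an added example that is not part of any post or of OPNsense itself: it creates a root CA, signs a GUI certificate carrying DNS and IP SAN entries, and checks the chain and name match with `openssl verify`. The IP address, CA name and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: private root CA plus a GUI certificate with subjectAltName.
HOST="opnsense.localdomain"   # name used in the thread
IP="192.168.1.1"              # constructed sample address (assumption)

make_gui_cert() {             # $1 = output directory
    d="$1"
    cat > "$d/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Lab Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Root CA: ca.pem is the only file that goes into the client trust store.
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 825 \
        -config "$d/ca.cnf" -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    # Key and CSR for the firewall GUI.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" -subj "/CN=$HOST" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    # v3.ext: leaf extensions; the URL is matched against subjectAltName.
    cat > "$d/v3.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt
[alt]
DNS.1 = $HOST
IP.1 = $IP
EOF
    # Leaf signed by the CA (not self-signed); server.pem + server.key go on the firewall.
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -set_serial 4097 -sha256 -days 825 -extfile "$d/v3.ext" \
        -out "$d/server.pem" 2>/dev/null
}

# Succeed only if server.pem chains to ca.pem and covers the given name/address.
check_name() { openssl verify -CAfile "$1/ca.pem" -verify_hostname "$2" "$1/server.pem" >/dev/null 2>&1; }
check_ip()   { openssl verify -CAfile "$1/ca.pem" -verify_ip "$2" "$1/server.pem" >/dev/null 2>&1; }
```

Only `ca.pem` belongs in the client's Trusted Root store, while `server.pem` and `server.key` are what the web GUI serves. `check_name` and `check_ip` fail for any name or address not listed in `v3.ext`, which is the same mismatch a browser reports.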
Title: Re: OPNsense 17.7.12-amd64 Web GUI HTTPS Not Trusted by Chrome63 or Edge
Post by: cnaslund on February 01, 2018, 06:24:08 am
I followed your advice and tried Let's Encrypt.
Using the plug-in crashes OPNsense 17.7.12-amd64. I installed the plug-in and am trying to figure out how to use it. The short tutorial is not very clear to me and does not match the configuration settings in the current version. It would be appreciated if you would assist me. I'm new to this.

Attached are the log files and the error contents when the OPNsense server warns of a serious error.

Please advise.