SSL Weirdness [SOLVED]

[TheLatestWire]

Hi,

Just a short time after logging into my OPNsense system and adjusting a firewall alias and then logging out, I tried to log back in and was presented with a SEC_ERROR_UNKNOWN_ISSUER insecure connection warning that I had not seen just 20 minutes earlier.  I hadn't installed any updates in those twenty minutes.

Maybe I'm just misunderstanding or forgetting the webconfigurator website behavior but it just seemed odd. Is the correct cert for the web/gui front end to OPNsense the /var/etc/cert.pem file?  Maybe I'm just being paranoid, it's just that all my browsers on all my systems, suddenly told me it was an untrusted cert, when just 20 minutes earlier it was trusted.

Any insight or suggestions would be greatly appreciated.

Many thanks,
ObecalpEffect.

[TheLatestWire]

I see now that the cert just expired this evening.

The certificate expired on March 18, 2017 at 8:02 PM. The current time is March 18, 2017 at 8:14 PM.

What's the best method for installing a new cert?  Should this be automatic?  Can I install my own CAcert cert?

Thanks,
ObecalpEffect.

[TheLatestWire]

Well I created a CSR on the system after logging in with ssh, submitted it and received my new cert at CAcert and moved /var/etc/cert.pem to /var/etc/cert.pem.old then placed the new cert in /var/etc/cert.pem but it wouldn't take affect when I restarted all the service and a reboot just overwrote it with the expired self signed cert.  :/

ObecalpEffect

[fabian]

You need to add your certificate to the configuration in the certificate settings and after that, you will have to choose it in the advanced settings.
After that, it should be persisted for the next boot.

Kind regards

Fabian

[TheLatestWire]

Thank you Fabian!  I was able to install my CAcert and now it's working well.