Archive > 20.1 Legacy Series
Self-signed CA -> Certificate - Firefox error
lysemose:
Hi
I tried to create a CA from OPNsense and afterwards a website certificate from that CA.
I assigned it to the web interface of my OPNsense firewall.
But Firefox doesn't like the CA/certificate created stating an error like this
SEC_ERROR_INADEQUATE_CERT_TYPE
I imported the CA into Firefox certificate store without any difference.
If I choose not to trust it for websites within Firefox I can access the web interface again.
Some searching show that, "I confirmed this by generating a new test CA with the the extended usage field excluded, then generating a new SSL Cert The certificate verifies properly now."
Have some of you a workaround or fix?
Thanks
ArminF:
Help us a bit better understanding your problem.
You create a local CA internally System - Trust - Authorities
Afterwards you created a self signed certificte and here is where i lost you...
You installed it where exactly? On a webserver hosting a website?
Or on your OPNSense which actually has already one.
Also for Server you need to have a server cert. Webserver usually to establish the handshake.
For client cert authentication you would need a client cert.
Also import the local authority cert (there is a p12 option) into your pc maybe
hope this helps
a
lysemose:
Thanks for your reply.
Yes I created a local CA and issued a server certificate from that CA to my OPNsense firewall, opnsense.domain.local, and assigned the new certificate to the web management interface... yes the one that actually have one self signed certificate from the installation process.
I hope that helps...
Looked/followed through this guide
https://docs.opnsense.org/manual/how-tos/self-signed-chain.html#the-certificate
ArminF:
Hello lysemose,
you are welcome.
Let me try this today at home and i will report back.
Found this as well: https://superuser.com/questions/1359755/trust-self-signed-cert-in-chrome-macos-10-13
I guess chrome will react the same.
armin
lysemose:
I can confirm that Chromium acts the same...
I will also try to see which certificate I choose and retry to see if I made a mistake somewhere
Thanks!
Navigation
[0] Message Index
[#] Next page
Go to full version