Connecting to OS on internal LAN: I get website/cert error

Started by b1k3rdude, April 18, 2024, 04:02:51 PM

So trying to search for help with this online is, in a word, 'unhelpful', as all the advice is referring to having the issue with external websites. I tried searching for both of the errors on here, but only found one post and that didn't apply to my situation.

When I try to access my OS box (192.168.1.1) on my internal LAN I am getting the following errors from Firefox & Kaspersky (see attached). I have tried adding the IP to the trusted sites in Internet settings (Win10) and trusted URLs in Kaspersky, but I still keep getting that message.

Now while I don't have to access the firewall all that often, it's still no less annoying. Any guidance would be welcome.

If you address your OpnSense via https://192.168.1.1, you will find a self-signed certificate that is issued to Opnsense.localdomain, so your browser complains. Normally, you can create an exception for this.

However, Kaspersky intercepts any SSL traffic and uses an internal CA to create a dummy certificate to fool browsers into believing that a valid SSL certificate has been presented (it smuggles its own internal CA into the browser to make this happen). Whenever you inspect a certificate in your browser, you can see that it is issued by Kaspersky's internal CA.

For a while now, some types of certificates are no longer accepted by Chromium-based browsers, like wildcard certificates for TLD sites like OpnSense.localdomain (whereas OpnSense.localdomain.com would work).

I have never trusted Kaspersky and always disabled that kind of web traffic interception completely. It does not work for some bank websites using certificate pinning as well.

FWIW, this is a Kaspersky problem and should be solved by either having that feature disabled completely or for the specific URL. Maybe you could create a DNS alias for OpnSense.localdomain and try that in the called URL.

Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
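
Added example, not part of either post: a small Python check that tells the two causes described in the reply apart by comparing the certificate this machine actually receives from the firewall with a SHA-256 fingerprint recorded on the firewall itself. The function names are illustrative, and it assumes you have obtained that fingerprint out-of-band (for example from the firewall console).

```python
import hashlib
import hmac
import socket
import ssl
import sys

HEX = set("0123456789abcdef")

def normalize_fp(text: str) -> str:
    """Accept 'AA:BB:...', 'aa bb ...' or plain hex; return 64 lowercase hex digits."""
    fp = text.strip().lower().replace(":", "").replace(" ", "")
    if len(fp) != 64 or not set(fp) <= HEX:
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return fp

def sha256_fp(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def fetch_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the server's leaf certificate as DER without validating it.

    Validation is switched off on purpose: a self-signed certificate would
    otherwise abort the handshake before it can be inspected.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True) or b""

def verdict(seen_der: bytes, recorded_fp: str) -> str:
    """'direct'   -> the firewall's own certificate reached this client
       'replaced' -> a different certificate was presented on the way
       'no-certificate' -> the peer sent nothing to compare"""
    if not seen_der:
        return "no-certificate"
    if hmac.compare_digest(sha256_fp(seen_der), normalize_fp(recorded_fp)):
        return "direct"
    return "replaced"

if __name__ == "__main__":
    # usage: python check_cert.py 192.168.1.1 AA:BB:...  (fingerprint from the firewall)
    host, recorded = sys.argv[1], sys.argv[2]
    print(host, verdict(fetch_leaf_der(host), recorded))
```

A result of `direct` means the browser warning comes from the self-signed certificate itself and a browser exception is the remaining step; `replaced` means the certificate was re-issued before it reached this machine's client, which is what the reply describes the interception feature doing.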