Web Interface Not Secure

[t84a]

At some point, when accessing the web interface, it now shows it as NOT SECURE.  The https is red and crossed out. I don't remember changing anything.  I did a search and it told me to find the certificate SYSTEM -> TRUST -> AUTHORITIES but there are no certificates. There is one under CERTIFICATES.  Any help would be appreciated.  Thanks

[OPNenthu]

You didn't say which browser but what you're describing is typical for self-signed certs.  OPNsense creates one (it's the "Web GUI TLS certificate" under System->Trust->Certificates) which is just to provide HTTPS support for internal access.  If that's your use case then you can ignore it and add a browser exception to silence the warning. 

The traffic is still encrypted.  It's only the browser warning you because the cert is not signed by a public CA or any private one that the browser knows about.  Different browsers show this in different ways, but you can check the certificate from within the browser and confirm that it's being used.

Your web interface is secure assuming you have working authentication (at least a decent password) and that you haven't opened the management port(s) on WAN.  That would be a different matter.

[t84a]

Sorry. Google Chrome.

[OPNenthu]

I don't know if I resolved your concern or not. Let us know.

If it's still happening, can you take a couple screenshots and click on the "not secure" message to show us what is listed there?  Also, show us your web GUI certificate in OPNsense.

[BrandyWine]

Chrome? The ABC company, goole?

Self-signed certs is the issue for the notice. Try installing the cert as "trusted", then the notice will go away.

https://www.codegenes.net/blog/getting-chrome-to-accept-self-signed-localhost-certificate/