Auto-certificate and Chrome

[fabian]

You should not generate a certificate. A SSH key is generated on the command line using the following command:

ssh-keygen -t ed25519

If you use putty, you can use the puttygen tool to generate a new key pair.

[balubeto]

You should not generate a certificate. A SSH key is generated on the command line using the following command:

ssh-keygen -t ed25519

If you use putty, you can use the puttygen tool to generate a new key pair.

With PuttyGen, I created a copy of keys and then tried to connect with the firewall but it displayed the "Server refused our key"message .  How come?

Thanks

Bye

[fabian]

then you have pasted the wrong format.. I don't have putty but I am pretty sure it supports the correct openssh format for public keys.

[balubeto]

Being able to act on the OPNsense VGA console, how do I disable the https protocol and enable the http protocol so that I can again access the GUI using the last protocol?

Thanks

Bye

[fabian]

It usually asks if you reconfigure an interface.

[balubeto]

It usually asks if you reconfigure an interface.

I'm sorry, how do I reconfigure an interface?

Thanks

Bye

[fabian]

option 2 in the menu.

[balubeto]

Thanks to you, I have been able to access the GUI via the http protocol.


I want, however, to use the https protocol, I created again the chain of self-certificates described by your guide.


Now, I attach the Certificates page because I would like you to tell me which button I should click to export this certificate to be able to import it and use it in Chrome.


Thanks


Bye

[fabian]

I don't know how it is called in your language but you should use the export certificate button which does NOT include the private key.

[balubeto]

I don't know how it is called in your language but you should use the export certificate button which does NOT include the private key.

In English, what is this button called and where is it?

Thanks

Bye

[qinohe]

Hey balubeto, you did not do what is on that wiki page, at least not exactly, I can tell from that picture^^

To prevent things going wrong, remove that chain create the chain(again) following that wiki page by the letter.

If you did that, export ca crt, button is the same name.

Greetings, mark

[qinohe]

Also, the reason it's (probably) not working in Chrome/Chromium is because of 'SAN' - Subject Alternative Name'.

Now I would like to see the filled in 'CN -Common Name' to be translated to 'SAN' automatic, but that's not the case - devs?

So, you should translate that to the form exactly. If you did that there is no guaranty from me that it works the way you expect (in Crome).

Change to a different browser if you insist on using self-signed certs., would make it easier on you 

Greetings, mark

[balubeto]

As your guide has not been updated, in attachment, I have summarized the two tables of the Trust in English.

Now, I would like to know if you find something wrong and how I can export the certificate so that Chrome can use it without any problems.

Thanks

Bye

[qinohe]

I quote from the wiki

The thirth certificate will be a server certificate signed by the intermediate CA we just created. This will also be the last one we create for this chain.

The certificate you have generated is neither a server or a CA.

Greetings, mark

[balubeto]

I quote from the wiki

The thirth certificate will be a server certificate signed by the intermediate CA we just created. This will also be the last one we create for this chain.

The certificate you have generated is neither a server or a CA.

Greetings, mark

Sorry, but I only created a self-certificate.

Thanks

Bye