Results 1 to 4 of 4
  1. #1
    Newbie
    Join Date
    May 2017
    Posts
    2

    Default Signed Certificate Help!

    Hello - I would really like some help with certificates on my Untangle instance at home. Please excuse my post if this is something that has been extensively covered in another post. I won't be offended if you refer me to another forum discussion and close this one.

    I support about 5 business instances of Untangle for Techability IT, LLC based in Columbus, GA and would like to become familiar with Untangle certificates.

    Please pardon my inexperience with certificates. They have never been my strong suite.

    i am getting a certificate error when I open my Untangle web administration page. I have went into the SSL Inspector app on my Untangle instance and downloaded the root certificate and root certificate installer. I installed and clicked to install in Firefox. I usually run Google Chrome though.

    I continue to get the certificate error though. SSL inspector is actually turned off in my instance as I cant turn it on until I get the certificate installed and working on all of my devices.

    Could you please offer me some assistance or point me to an informative document? I have searched for a document to show how to do this and can't seem to find something that fits my need.

    Also, I am getting a certificate error when connecting to my Ubiquiti Cloud Key. I contacted Ubiquiti support and they sent me the below article. The first step states that I will need to buy signed SSL certificate from a web hosting provider. Is this something that Untangle can accomplish?

    https://help.ubnt.com/hc/en-us/artic...ontroller-page

    Thank you in advance!

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    21,579

    Default

    The SSL inspector has nothing to do with anything. Certificates are all managed in config -> administration -> certificates.

    There is a certificate authority, that provides a root certificate. Installing that root certificate on each machine allows Untangle's SSL inspector to do its job without errors.

    Administration is below, in the server certificates section. You can generate a new one, or you can install one provided from a real provider. Self signed certificates will throw errors in browsers, real ones won't. Your Cloud Key is doing the exact same thing, using a self signed certificate. These errors are NORMAL. Unless you want to make your own certificate authority, you'll go broke putting real certificates on everything.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Newbie
    Join Date
    May 2017
    Posts
    2

    Default

    Understood. I definitely don't want to go broke for certificates of all things. And I definitely know that the errors are normal. But still, I would like the experience of implementing something that gets rid of the errors. That's the only real reason I run Untangle at home. I enjoy becoming familiar with the product and having a "test environment" that runs as my personal production environment to experiment with before making any changes on customer networks.

    SSL Inspector is turned off so I understand that it has nothing to do with the errors I am getting. I've experimented a bit with it on and felt the effects of not having certificates installed on each machine. Nonetheless, I would like to refine my knowledge when it comes to certificates. There has to be a way to get rid of these self signed errors while becoming more familiar with the product (and certificates in general honestly).

    Thanks for the input.

  4. #4
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    21,579

    Default

    Then you want to create and maintain your own authority. This creates a public key for that authority you can install on any device that allows that device to trust any certificate made. If you do this, you can make a family of self signed things that can go on all your devices without having to manually install each and every certificate.

    If you do this, beware that Firefox maintains its own certificate store. Edge, IE, and Chrome will use the Windows certificate store, so be clear on what your browser needs.

    OpenSSL is available on most Linux distributions, and honestly is the easiest way I know to tinker. Here's a primer: https://jamielinux.com/docs/openssl-...ate-authority/

    I wouldn't even bother with Microsoft's Certificate Services, it's an overly complicated mess that creates the situation you're in. Certificates aren't hard, just demanding.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2