How to stop Certificate warnings?

Discuss and get help configuring CacheGuard OS
Post Reply
Posts: 55
Joined: 15 Feb 2018 12:04

How to stop Certificate warnings?

Post by Douglas » 28 Feb 2018 12:25

Hi, what are the steps to take to avoid Certificate warnings, after entering the URL for the CG WebGUI into a browser?

User avatar
Posts: 157
Joined: 08 Aug 2015 20:38

Re: How to stop Certificate warnings?

Post by david » 28 Feb 2018 15:17


The administration Web GUI uses HTTPS with a self signed certificate by default. That's why you get an invalid security certificate warning the first time you connect to the Web GUI. To avoid that warning again and again you can permanently store that certificate into your Web browser.

Please note that prior to trust (and store) a self signed certificate, it's best practice to make ensure that you trust the right certificate. To do so, you can compare its SHA1/SHA256 fingerprints displayed by your Web browser against its fingerprints displayed by the CLI. By default the self signed certificate used by the Web GUI is included in a TLS object called default. To print the SHA1/SH265 fingerprints of the default certifciate, please use the following command:

Code: Select all

tls fingerprint default
To print the TLS object associated to the administration Web GUI, please use the following command:

Code: Select all

admin tls
The default TLS object is automatically generated during the first CG startup and is unique to each CG appliance. If you reinstall your CG appliance, a new [certificate/private key] pair is generated and then you will get a warning again. You can avoid that warning by saving the administration TLS object into files and reload it into your CG appliance after having reinstalled your CG appliance.

You can use the [SECURITY] > [TLS Certificates] > [Manage TLS Objects] Web GUI page to get the list of TLS objects. The screenshot below shows a list of TLS objects containing a single element called default.
tls-manage.png (28.04 KiB) Viewed 1815 times
If you click on the lock icon in the Load/Save column you will get the following screen that gives you the possibility to save/load TLS components (mainly a certificate and a private key).
tls-load-save.png (20.01 KiB) Viewed 1815 times
It's also good to know that you can use a certificate signed by a CA (Certificate Authority) instead of a self signed certificate for the Web GUI. Please refer to the following documentation for further information:

Best Regards,
David Jan
CacheGuard Technical Team

Post Reply