How to stop Certificate warnings?
How to stop Certificate warnings?
Hi, what are the steps to take to avoid Certificate warnings, after entering the URL for the CG WebGUI into a browser?
Re: How to stop Certificate warnings?
Hi,
The administration Web GUI uses HTTPS with a self signed certificate by default. That's why you get an invalid security certificate warning the first time you connect to the Web GUI. To avoid that warning again and again you can permanently store that certificate into your Web browser.
Please note that prior to trust (and store) a self signed certificate, it's best practice to make ensure that you trust the right certificate. To do so, you can compare its SHA1/SHA256 fingerprints displayed by your Web browser against its fingerprints displayed by the CLI. By default the self signed certificate used by the Web GUI is included in a TLS object called default. To print the SHA1/SH265 fingerprints of the default certifciate, please use the following command:
To print the TLS object associated to the administration Web GUI, please use the following command:
The default TLS object is automatically generated during the first CG startup and is unique to each CG appliance. If you reinstall your CG appliance, a new [certificate/private key] pair is generated and then you will get a warning again. You can avoid that warning by saving the administration TLS object into files and reload it into your CG appliance after having reinstalled your CG appliance.
You can use the [SECURITY] > [TLS Certificates] > [Manage TLS Objects] Web GUI page to get the list of TLS objects. The screenshot below shows a list of TLS objects containing a single element called default.
If you click on the lock icon in the Load/Save column you will get the following screen that gives you the possibility to save/load TLS components (mainly a certificate and a private key).
It's also good to know that you can use a certificate signed by a CA (Certificate Authority) instead of a self signed certificate for the Web GUI. Please refer to the following documentation for further information: https://www.cacheguard.net/doc/command/tls.html.
Best Regards,
The administration Web GUI uses HTTPS with a self signed certificate by default. That's why you get an invalid security certificate warning the first time you connect to the Web GUI. To avoid that warning again and again you can permanently store that certificate into your Web browser.
Please note that prior to trust (and store) a self signed certificate, it's best practice to make ensure that you trust the right certificate. To do so, you can compare its SHA1/SHA256 fingerprints displayed by your Web browser against its fingerprints displayed by the CLI. By default the self signed certificate used by the Web GUI is included in a TLS object called default. To print the SHA1/SH265 fingerprints of the default certifciate, please use the following command:
Code: Select all
tls fingerprint default
Code: Select all
admin tlsYou can use the [SECURITY] > [TLS Certificates] > [Manage TLS Objects] Web GUI page to get the list of TLS objects. The screenshot below shows a list of TLS objects containing a single element called default.
- tls-manage.png (28.04 KiB) Viewed 12858 times
- tls-load-save.png (20.01 KiB) Viewed 12858 times
Best Regards,