DescriptionConfigure Browser to Trust Self-Signed Certificate
ScopeVersion: All
SolutionVersion: All
Issue: Browser displays certificate error after installing Self-Signed SSL Certificate in Network Sentry for Admin UI Certificate Target.
Solution: In order for the browser to trust the Self-Signed certificate, the certificate must be imported or added as an exception.
1. Export the certificate. There are various methods to do this.
Note: Exporting the certificate may not be possible with Internet Explorer.
FireFox:
To export certificate to use for other browsers:
a. Browse to https://<appliance name>:8443
The message "Your connection is not secure" displays.
b. Click the padlock or "i" next to the URL
c. Click the > next to the host name
d. Click More Information
e Under the Details tab click the Export button.
f. Save as PEM.
Network Sentry appliance CLI:
a. SSH to the Network Sentry Server or Control Server and type
echo -n | openssl s_client -connect <appliance name>:8443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > server.cert
Example:
echo -n | openssl s_client -connect qa6-74.bradfordnetworks.com:8443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > server.cert
depth=0 CN = qa6-74.bradfordnetworks.com
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = qa6-74.bradfordnetworks.com
verify return:1
DONE
b. ftp or scp file to desired location.
ftp <destination ip or name>
scp server.cert root@<location>:/<path>
2. Import the certificate to the browser.
FireFox:
a. Browse to https://<appliance name>:8443
The message "Your connection is not secure" displays.
b. Click Advanced
c. Click Add Exception
d. Click Confirm Security Exception
e. Close the browser completely and reopen.
Internet Explorer (IE):
a. Browse to https://<appliance name>:8443
b. Under start menu, in search bar type certmgr.msc.
c. Navigate to folder Trusted Root Certification AuthoritiesCertificates.
d. Click Action > All Tasks > Import
e. Browse and select the filename of the certificate.
f. Click Open
g. Click Next
h. Ensure Place all certificates in Certificate store Trusted Root Certification Authorities is selected
i. Click Next
j. Click Finish
k. When prompted to install certificate, click Yes
"The import was successful" should display.
l. Close the browser completely and reopen.
The URL should now display as secure.