How to enable SSL Certificate for WUI login?

I followed the instructions to get the green lock in SSL, and can't get it to work. The SSL sha256 values do not correspond in any file, and neither does the public certificate. I didn't forget to refresh WinSCP before checking.
Help is welcome. elinks also shows an SSL error for login (so I'm not quite sure what to do).

Wondering too if, instead of server.crt, it's possible to use the openssl commands for nginx.crt?

I hope the following links will be helpful

Regards

Perhaps this will help.

:thinking:
Please show links to these instructions.

What browser are you using?

www.ipfire.org - Generate an SSL-Certificate manually

v3.ext

subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints       = CA:TRUE
keyUsage               = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign
subjectAltName         = DNS:ipfirewall.domainlocal
issuerAltName          = issuer:copy

Common Name: ipfirewall.domainlocal

Microsoft Edge
Versão 121.0.2277.128 (Compilação oficial) (64 bits)

Apparently Microsoft Edge does not automatically allow you to approve an exception for a self-signed certificate.

There apparently is a method which is covered in this link.
https://stackoverflow.com/questions/62699391/how-to-bypass-certificate-errors-using-microsoft-edge

I am using Firefox, and when you access via the self-signed certificate it gives you the option to allow an exception.

It then shows the locked padlock but with an exclamation mark which, if you hover over the padlock, says that you have added a security exception for this site.

Safely accept it’s normal for the sha’s and md’s to not be the same between browsers and files in self-signed certificates. (?)

You were comparing two different things.

On the details of the certificates it is showing you the sha256 fingerprint of the certificate.

The other sha256 you showed is the sha256 hash of the certificate.

These are two different things.

If you want to compare the sha256 fingerprint of the server certificate you would need to find the openssl command that calculates the fingerprint of the certificate.

Ok, the fingerprint. It's the first time I'm doing this step and I appreciate your attention and explanations. I must look at how to find the fingerprint now. Thanks

To check it yourself run the following command in your console

openssl x509 -in /etc/httpd/server-ecdsa.crt -fingerprint -sha256

Use the server-ecdsa.crt rather than the server.crt as most modern browsers will use the ecdsa version if available rather than the rsa version.
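Added example, not part of the original thread and not IPFire code: the fingerprint a browser shows is the SHA-256 of the certificate's binary (DER) encoding, while hashing the .crt file hashes its PEM text, so the two values differ, and even a line-ending change in the file alters the file hash but not the fingerprint. The sample bytes are a constructed stand-in for a certificate body (not a parseable certificate), and the function names are hypothetical.

```python
import hashlib
import ssl


def file_sha256(pem_bytes: bytes) -> str:
    """SHA-256 of the file exactly as stored on disk (what sha256sum prints)."""
    return hashlib.sha256(pem_bytes).hexdigest()


def cert_fingerprint_sha256(pem_bytes: bytes) -> str:
    """SHA-256 of the DER bytes inside the PEM armour, colon-separated
    upper-case hex as shown by `openssl x509 -fingerprint -sha256`."""
    # Strip the BEGIN/END lines and base64-decode the body back to DER.
    der = ssl.PEM_cert_to_DER_cert(pem_bytes.decode("ascii"))
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


# Constructed sample: arbitrary bytes standing in for a certificate's DER
# encoding. Hashing does not parse ASN.1, so this is enough to show the effect.
SAMPLE_DER = bytes(range(256)) * 3

# The same "certificate" stored twice: Unix line endings, and CRLF line
# endings as a text-mode file transfer could produce.
PEM_LF = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode("ascii")
PEM_CRLF = PEM_LF.replace(b"\n", b"\r\n")

if __name__ == "__main__":
    for label, pem in (("LF file", PEM_LF), ("CRLF file", PEM_CRLF)):
        print(label)
        print("  file hash  :", file_sha256(pem))
        print("  fingerprint:", cert_fingerprint_sha256(pem))
```

To use it on a real file, pass `open(path, "rb").read()` for a file that contains only the certificate block; the result should equal the value printed by the openssl command above.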

Yes, it matches :slight_smile:
Thank you very much
