WUI Certificate is not trusted?

When I open my FireFox browser to connect to the WUI, after the core 155->156 update, the browser complains about a “certificate is not trusted because it is self-signed”.
error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
What must be done to fix and eliminate this problem ?

That was never been different that has always been the case. It looks more like you did a fresh install or reinstalled your browser/delete settings. However this should help

Not all my IPFire boxes have this issue. There was a fix provided long ago.
I do not remember what was done (ie new certficate or Firefox browser setting).

Well you said

My answer is the most logical for me with the little information you have given. I can only work with what you provide. Now you are talking about a fix a long time ago.

In other words if it worked with 155 and you just did an update the certificate must still work without a new message. I would be surprised if I am wrong about this.

I am wondering where this certificate is located ?
If on IPFire PC, then perhaps I can copy the working one to the other IPFire PC’s.
Anyone know the location of the certificate ?

Please look here:

/etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf

In this section:

SSLCertificateFile /etc/httpd/server.crt
SSLCertificateKeyFile /etc/httpd/server.key
SSLCertificateFile /etc/httpd/server-ecdsa.crt
SSLCertificateKeyFile /etc/httpd/server-ecdsa.key

There you’ll find the certificates and keys.

1 Like

First you complained that the certificate is not trusted. Now your problem is that it doesn’t work. because your browser forgot the certificate for whatever reason, you think that the best way is to copy the certificates from one IPFire to another? That can’t be the solution. If your browser forgot the certificate, there must have been some additional steps that you didn’t mention before.

I get certificates from Let’s Encrypt to correspond to the DNS names for ipfire and use these - the only thing is that I don’t think there is a Let’s Encrypt client that runs on IPFire so I use two devices that are behind them and then copy the certificates when they get renewed.

Hi @dejan

dehydrated is an IPFire addon that is a client for signing Let’s Encrypt certificates.

https://wiki.ipfire.org/addons/dehydrated

Thank you @bonnietwin - I didn’t know about this. It will save me the copy step :smiley: