SSL CERTIFICATE INSTALLED SUCCESSFULLY BUT STILL GETTING BROWSER HTTPS WARNINGS

Hi experts, I am trying to install a SSL certificate that we bought from a certificate authority, This certificate is working very fine in some Windows Server that we have, which is using IIS 7 and IIS 10 as the web servers. I made a backup of the certificate when I received it from the CA, the backup contains certificate plus key, in a PKCS#12 file format, which is also imported with a passsword. What I did first was upload the file; I went in WEBSERVER PROTECTION > CERTIFICATE MANAGEMENT > CERTIFICATES, I hitted "+ New Certificate..." button, putted a name, and I choose the Method as UPLOAD, then I searched from the certificate file, put my password and saved. The upload of the certificate was made fine, no problem or warnings was poped. The second step I made was went to the MANAGEMENT > WEBADMIN SETTINGS > HTTPS CETIFICATES, in option "Choose WebAdmin certificate", in the certificates container, I choosed the newly uploaded certificate, and clicked in "Apply". once again, no errors or warnings. The problem is: even with no errors in the certification import to the UTM, the web browser still showing security warnings, as you guys can see in the print below, the certificate is valid but the message that appears is that the connection is not safe. Any idea? Thanks in advance.

 

Sophos UTM v. 9.701-6

 

  • Look into the third tab. Is the intermediate certificate trusted too? The whole chain has to be correct.

    Best regards 

    Alex 

  • In reply to Alexander Busch:

    Hi Alex, thnks for the reply, yes, I uploaded the intermediate cert. also, but still not working. The trust chain is below, it seems to me to be okay, don't know why is not working. Regards.

     

  • In reply to Antonio Ferreira1:

    Hi Antonio,

    well, maybe it’s a problem with a wildcard cert. I didn’t use it. Maybe someone here can confirm that this is not the problem.

    Maybe open Webadmin temporary and do a test at Qualys SSLLabs?

    Sorry my brain doesn’t give me a new idea at the moment.

    Best regards 

    Alex

  • Hi Antonio,

    according to your screenshot you have a wildcard certificate for *.pi.senac.br. but you tried to access the name fwa01.adm.pi.senac.br which is not covered by the wildcard (and so the browser gives you the warning). Reason see https://en.wikipedia.org/wiki/Wildcard_certificate (... wildcard only covers one level of subdomains.)

    Solution, change the hostname of the firewall e.g. to fwa01-adm.pi.senac.br or use a letsencrypt cert for the hostname.