[SOLVED] First installation, hostname & certificate

loic · July 31, 2015, 5:44am

Hi,
I’m new to Nethserver, so I may ask too simple questions. But I could not find the answer so I open this topic.
I have installed Nethserver on a Intel NUC behind my ISP router. I can access the manager within my lan. I have a dynamic IP, so I have installed ddclient (thank you Stéphane) and use noip.
Everything is find except that I cannot access permanently to my server through the dyn DNS. Any browser I use tells me that the site is unsafe due to self-signed certificate, but I have no option to add a permanent exception. I believe it is due to my certificate.
I have the following data:
no-ip DNS: xxx.ddns.net
Domain: ddns.net
Host: xxx
CN: xxx.ddns.net

Is my certificate with the right configuration? How can I add permanently this certificate to my computer?
Thank you for your help.
Loïc

malvank · July 31, 2015, 6:47am

Hi, Have you read the documentation in the base section how to add a custom Certificate ?

loic · July 31, 2015, 6:57am

Thank you. I will follow the instructions and let you know.
Loïc

loic · July 31, 2015, 7:03am

In fact, I don’t really understand what I shall do. Is the server certificate not enough? Why should I generate a custom certificate? When I re-generate the server certificate, I cannot accept permanently the certificate. I finally download the certificates from /etc/pki/tls/certs and installed them as permanent certificates, and it works.
Thanks for your comments.

filippo_carletti · July 31, 2015, 7:48am

I don’t think your problem is the certificate.
Could you describe (or take a screenshot) what’s happening when you access the system?
Maybe you could send me privately the dyndns hostname so that I can see the problem.

loic · July 31, 2015, 8:08am

I have such screen (sorry it is in French), with no possibility to add permanent certificate:

filippo_carletti · July 31, 2015, 8:11am

No need to permanently add the cert. You simply confirm the exception every time you connect. Until you buy a cert (or wait let’s encrypt).

loic · July 31, 2015, 8:13am

As you can see, there is no option to confirm access, just to quit!

GG_jr · July 31, 2015, 8:16am

Hello everybody,

I’m agree with Filippo.

I think the problem is from browser or from the browser in conjunction with the OS.
Even if I installed the certificates (Endian, NethServer, Zentyal), for administering or for webmail access, as Trusted, only with Mozilla I can add permanent exceptions.
I have issues with IE and Chrome.

When I used AXIGEN as email server, everything went well after I installed the certificate as Trusted on any computer that used webmail access. After a while, depending of the updates/upgrades of the OS & browsers, some users had this issues.

Kind regards,
Gabriel

filippo_carletti · July 31, 2015, 8:16am

It’s a browser problem. Try another browser, please.
See mine:

loic · July 31, 2015, 8:19am

I had tried with Firefox, IE & Chrome with the same results. I manually added the certificate imported from the server and now IE works, but still now luck with Firefox.

loic · July 31, 2015, 1:14pm

Seems to work now. Thanks all of you.

GG_jr · July 31, 2015, 1:23pm

Hi Ioic,

You are welcome!

Can you mark the post as SOLVED?
Can you give us more details?
I think it will be useful for everybody on this Forum.

Thank you in advance,
Gabriel

loic · July 31, 2015, 2:03pm

I went to the certificate manager of Firefox, and add an exception to the url of my site, then add a permanent exception.

malvank · July 31, 2015, 7:30pm

Sorry my fault, I thought you wanted to add an real certificate and not an permanent exception for the self signed certificate in your browser.