After updating to the latest versions of Chrome and Firefox, access to the SSL services on the Smoothwall Filter and Firewall might generate a certificate error from the browser, stating that there is a missing Subject Alternate Name.
The automatically generated certificate used by default by the HTTPS Login page and the HTTPS Portal page does not have a SubjectAltName value by default. This can cause certificate warning errors on new versions of both Chrome and Firefox.
Create a new certificate for the HTTPS User facing services and apply that on the Smoothwall Filter and Firewall configuration. This will not cause any certificate error issues as this certificate is created using the default Certificate Authority on the Smoothwall Filter and Firewall, which will be installed on client systems.
Procedure
- Locate the Certificate Authority being used for the HTTPS Decrypt and inspect and create a new certificate with these settings:
- Authority: clear this.
- Name: type a descriptive name.
- Common name: type the internal host and domain name.
- Organization: type your company name.
-
Alternate names:
- Add all IP addresses that are assigned to the Smoothwall Filter and Firewall, one on each line.
- The hostname without the domain part.
- Any external host and domain name if applicable.
- It should look something like this:
Hostname
Host and domain name
Ip.address.number.1
Ip.address.number.2
-
Fill in the remaining fields and save the certificate.
- It should look something like this:
- Once the certificate has been created, click on the User facing HTTPS Services link listed to the right of the certificate currently being used for user facing HTTPS services and once that page loads, change the listing to use the new certificate, see Managing HTTPS inspection settings.