After updating to the latest versions of Chrome and Firefox, access to the SSL services on the Smoothwall system may generate a certificate error from the browser, stating that there is a missing Subject Alternate Name.
The automatically generated certificate used by default by the HTTPS Login page and the HTTPS Portal page does not have a SubjectAltName value by default. This can cause certificate warning errors on new versions of both Chrome and Firefox.
The solution is to create a new certificate for the HTTPS User facing services and apply that on the Smoothwall configuration. This will not cause any certificate error issues as this certificate is created using the default Certificate Authority on the Smoothwall, which will be installed on client systems.
To create a new certificate for the Smoothwall go to the System > Certificate > Certificates for services section. Find the Certificate Authority being used for the HTTPS Decrypt and inspect and use the button: New certificate. When the new certificate dialogue shows, enter the following information:
- Remove the tickbox in Authority
- Add a descriptive name in the name field e.g.: “|Company firewall and webfilter”
- Add the internal host and domain name in the Common name field.
- In the Organisation field add your company name.
- Expand the Advanced button and in the Alternate Names field add the following:
- All IP addresses that are assigned to the Smoothwall – one on each line.
- The hostname without the domain part.
- Any external host and domain name if applicable.
So the Alternate Names field should look something like this:
Host and domain name
Fill in the remaining fields and save the certificate. Once the certificate has been created, click on the User facing HTTPS Services link listed to the right of the certificate currently being used for user facing HTTPS services and once that page loads, change the listing to use the new certificate.