On 15-09-17 15:24, Richard Olsen wrote: > "host.local.com <http://host.local.com> uses and invalid security > certificate. The certificate is not trusted because the issuer > certificate is unknown. The server might not be sending the appropriate > intermediate certficates. An addistional root certificate may need to be > imported> > Error code"SEC_ERROR_UNKNOWN_ISSUER" This is the normal message you get from firefox when your certificate is self-signed. It appears because firefox doesn't know the certificate issuer (obviously), and is important so as to avoid an MITM attack. You have three options: - (preferred) use something like letsencrypt to get a public-trusted certificate (although obviously that won't work if your site is not on the public Internet) - Create your own private CA that you then import as trusted into the browsers on your network (rather a lot of work, but probably the better option if this isn't just a home experiment) - Tell Firefox to ignore the fact that it's a self-signed certificate by clicking on the "Add exception..." button. In the dialog that appears, make sure that the "Permanently store this exception" option is checked, and hit "Confirm security exception". You will need to do this on every machine that wants to connect to your server, for every certificate that you create in this way, which may be a lot of work; if you don't want that, see above. -- Wouter Verhelst -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
