Note: This topic applies to the Framlingham Release.
When you connect your web browser to the Smoothwall’s web-based interface on a HTTPS port for the first time, your browser will display a warning that the Smoothwall’s certificate is invalid. The reason given is usually that the certificate was signed by an unknown entity or because you are connecting to a site pretending to be another site.
This issue is one of identity. Usually, secure web sites on the Internet have a security certificate which is signed by a trusted third party. However, the Smoothwall’s certificate is a self-signed certificate.
Note: The data traveling between your browser and the Smoothwall is secure and encrypted.
To remove this warning, your web browser needs to be told to trust certificates generated by the Smoothwall.
To do this, import the certificate into your web browser. The details of how this are done vary between browsers and operating systems. See your browser’s documentation for information about how to import the certificate.
Your browser will generate a warning if the Smoothwall’s certificate contains the accepted site name for the secure site in question and your browser is accessing the site via a different address.
A certificate can only contain a single site name, and in the Smoothwall’s case, the hostname is used. If you try to access the site using its IP address, for example, the names will not match.
To remove this warning, access the Smoothwall using the hostname. If this is not possible, and you are accessing the site by some other name, then this warning will always be generated.
In most cases, browsers have an option you can select to ignore this warning and which will ignore these security checks in the future.
Neither of the above issues compromise the security of HTTPS access. They simply serve to illustrate that HTTPS is also about identity as well encryption.