https without privacy error - a simple way with self-signed cert


bthoven


This is my simple way to eliminate the privacy error when opening my unraid webui.

From the Settings/Management Access, unraid already created a self-signed certificate (without CA) for my local domain, for me, bthoven-unraid.local. Yours will be different.


My objective is to get rid of the privacy error when opening the webui with the above local domain.

 

The concept is that, for a self-signed certificate without a CA certificate, we can use its own certificate part as a CA certificate, which can be imported into your web browser's trusted certificate authorities. The self-signed cert my unraid has created is stored in a file inside this folder:

/boot/config/ssl/certs/bthoven-unraid_unraid_bundle.pem.

The pem file consists of two parts, i.e., certificate and private key, as shown below.

-----BEGIN CERTIFICATE-----
MIIDTTCCAjWgAwIBAgIUAiGb9N7fdx8PdPofrvSErkimDE0wDQYJKoZIhvcNAQEN
BQAwRjEUMBIGA1UECgwLU2VsZi1zaWduZWQxDzANBgNVBAsMBnVuUkFJRDEdMBsG
A1UEAwwUYnRob3Zlbi11bnJhaWQubG9jYWwwHhcNMjExMTA0MDUwMDU3WhcNMzEx
....
PrO5NecGZlxijyDu/qXmCyO9f/pJObLKwMq217ELfcDbixeCvKgEPpOpUj89mzFE
J2jy/3t3IUT/uuZ+nK5TtMlG6/Cd9NMxYny4w62RS9lU
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDQmPKpu70m7gY2
SzFE8mr8uO1xWPOOeud5Ww/avbmm2LRdzV3l8KyhZsQ7npReEBm+5G3TNlMbQuTn
...
XFNOfE+KM5RwOtBOHwzscH3G40yhH0OlcHyk4e5fQakgnEX/lfw8mDyq8fVbUkRu
9DrODigjwPS1FxsANOobVAJLfSlsoASNDPQO+oRVEztOZbWNjuRtAMl1rQFXie01
YkEXw4xJ5WFMz/5L1d9SoqH+7w==
-----END PRIVATE KEY-----


What we need is to create a file which contains only the certificate part and save it somewhere on your PC. The file will have only this part:

-----BEGIN CERTIFICATE-----
MIIDTTCCAjWgAwIBAgIUAiGb9N7fdx8PdPofrvSErkimDE0wDQYJKoZIhvcNAQEN
BQAwRjEUMBIGA1UECgwLU2VsZi1zaWduZWQxDzANBgNVBAsMBnVuUkFJRDEdMBsG
A1UEAwwUYnRob3Zlbi11bnJhaWQubG9jYWwwHhcNMjExMTA0MDUwMDU3WhcNMzEx
....
PrO5NecGZlxijyDu/qXmCyO9f/pJObLKwMq217ELfcDbixeCvKgEPpOpUj89mzFE
J2jy/3t3IUT/uuZ+nK5TtMlG6/Cd9NMxYny4w62RS9lU
-----END CERTIFICATE-----


 

So the broad steps are:

1. Create a certificate-only file as shown above (ssh to your unraid, copy the file /boot/config/ssl/certs/bthoven-unraid_unraid_bundle.pem over to your PC, copy and paste the certificate part to a new file on your PC).

2. Inside my Microsoft Edge browser, import the cert-only file, created in step 1, into the Trusted Root Certification Authorities. Different browsers have different ways to do it. This step is to make your PC and all browsers on that PC "trust" the unraid self-signed certificate.

3. Try entering the URL, in my case, bthoven-unraid.local, in your browser; the privacy error will no longer be there. In case you still get the privacy error, you may have to restart your browser, or even your PC. When I did this on my PC, it just worked right away; but on my laptop, I needed to restart my laptop.


For other PCs or browsers, you have to do step 2 to make the browser trust the unraid self-signed certificate.

For iOS and Android, you can trust the certificate too, but it is a little bit more complicated. Let me know if you want to know how.

 

Please note that this doesn't work with a local IP URL because the self-cert was signed without your local IP as a SAN. If you want to make it work when entering your unraid local IP, you have to create a new self-signed cert which includes the unraid local IP. This is another subject which is also quite simple.

Edited by bthoven
add more information
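
Step 1 of the post, as an added example that is not part of the original post or of unraid: a Python sketch that splits a PEM bundle, keeps only the CERTIFICATE blocks so no private key ends up in the file that gets imported, and computes a SHA-256 fingerprint for comparison with what the server actually presents. The function names and the sample bundle are assumptions made for illustration; the sample holds placeholder bytes, not a real certificate or key.

```python
import base64
import hashlib
import re

# One PEM block: BEGIN label, base64 body, matching END label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def pem_encode(label, der):
    """Wrap raw bytes as a PEM block with 64-column base64 lines."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def split_bundle(pem_text):
    """Return [(label, decoded_bytes)] for every PEM block, in file order."""
    return [(label, base64.b64decode("".join(body.split()), validate=True))
            for label, body in PEM_BLOCK.findall(pem_text)]


def certificate_only(pem_text):
    """Keep CERTIFICATE blocks; drop PRIVATE KEY and anything else."""
    certs = [der for label, der in split_bundle(pem_text)
             if label == "CERTIFICATE"]
    if not certs:
        raise ValueError("no CERTIFICATE block found in bundle")
    return "".join(pem_encode("CERTIFICATE", der) for der in certs)


def sha256_fingerprint(pem_text):
    """SHA-256 of the first certificate's DER bytes, as colon-separated hex."""
    der = next(d for label, d in split_bundle(pem_text) if label == "CERTIFICATE")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


# Constructed sample: placeholder bytes, not a real certificate or key.
SAMPLE_BUNDLE = (pem_encode("CERTIFICATE", b"constructed certificate bytes " * 4)
                 + pem_encode("PRIVATE KEY", b"constructed key bytes " * 4))

if __name__ == "__main__":
    cert_pem = certificate_only(SAMPLE_BUNDLE)
    print(cert_pem, end="")
    print("SHA-256 fingerprint:", sha256_fingerprint(cert_pem))
```

Running the extraction on the server and copying only the `certificate_only()` output to the PC keeps the private key from ever leaving the unraid box.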