I am setting up a CA for my son’s home network using easy-rsa.
I have created the CA and added it to the Fedora trust store in /etc/pki,
then generated a server certificate and set up httpd to use it.
When I use curl to access the server everything works.
I added the root CA to Firefox in Settings/Certificate Manager/Authorities,
clicking “This certificate can identify web sites”.
But I cannot get Firefox to work. It shows this:
Warning: Potential Security Risk Ahead
Firefox detected a potential security threat and did not continue to ozyserver.home. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.
What can you do about it?
The issue is most likely with the web site, and there is nothing you can do to resolve it. You can notify the web site’s administrator about the problem.
This is the root CA (trimmed out the modulus):
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:2d:9e:5c:6a:76:54:95:db:27:37:50:a8:45:fe:fa:03:9f:93:08
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ozynet.home
        Validity
            Not Before: Aug 19 10:11:33 2024 GMT
            Not After : Aug 17 10:11:33 2034 GMT
        Subject: CN=ozynet.home
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    ...
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:TRUE
            X509v3 Subject Key Identifier:
                85:80:6D:6E:1A:F3:CE:7E:5D:98:CC:2A:3E:7B:01:5F:6A:1C:F3:40
            X509v3 Authority Key Identifier:
                keyid:85:80:6D:6E:1A:F3:CE:7E:5D:98:CC:2A:3E:7B:01:5F:6A:1C:F3:40
                DirName:/CN=ozynet.home
                serial:1F:2D:9E:5C:6A:76:54:95:DB:27:37:50:A8:45:FE:FA:03:9F:93:08
            X509v3 Key Usage:
                Certificate Sign, CRL Sign
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        ...
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
And this is the server certificate:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            b0:3a:1f:65:7f:48:1e:e6:4d:b6:2f:02:6e:da:51:2f
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ozynet.home
        Validity
            Not Before: Aug 19 10:11:48 2024 GMT
            Not After : Aug 17 10:11:48 2034 GMT
        Subject: CN=ozyserver.home
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    ...
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Key Identifier:
                34:88:37:11:0E:A5:52:2D:22:7B:76:2D:F0:93:E9:29:72:28:19:60
            X509v3 Authority Key Identifier:
                keyid:85:80:6D:6E:1A:F3:CE:7E:5D:98:CC:2A:3E:7B:01:5F:6A:1C:F3:40
                DirName:/CN=ozynet.home
                serial:1F:2D:9E:5C:6A:76:54:95:DB:27:37:50:A8:45:FE:FA:03:9F:93:08
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        ...
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
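
Added example, not part of the original post: Firefox matches the requested host name only against a certificate's Subject Alternative Name entries, not the Subject CN, so this sketch lists the X509v3 extensions in an `openssl x509 -text` dump and reports whether the host appears in a SAN. The function names `parse_extensions` and `check_host` are hypothetical, both dumps are constructed from the server certificate shown above, and names are compared exactly (no wildcard handling).

```python
import re

# Constructed samples: the post's server certificate dump, trimmed, with the
# indentation `openssl x509 -text` prints; WITH_SAN adds a SAN entry to it.
SERVER_DUMP = """\
Certificate:
    Data:
        Subject: CN=ozyserver.home
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
    Signature Algorithm: sha256WithRSAEncryption
"""
WITH_SAN = SERVER_DUMP.replace(
    "            X509v3 Key Usage:",
    "            X509v3 Subject Alternative Name:\n"
    "                DNS:ozyserver.home\n"
    "            X509v3 Key Usage:")

def parse_extensions(dump):
    """Map each X509v3 extension name to its value lines, using indentation."""
    exts, name, base = {}, None, None
    for line in dump.splitlines():
        text, indent = line.strip(), len(line) - len(line.lstrip())
        if base is None:
            if text == "X509v3 extensions:":
                base = indent                      # indent of the block header
        elif text and indent <= base:
            break                                  # left the extensions block
        elif indent == base + 4:
            name = text.partition(":")[0]          # drops a trailing " critical"
            exts[name] = []
        elif text and name:
            exts[name].append(text)                # value line of current extension
    return exts

def check_host(dump, host):
    """Return findings that would stop a SAN-only client accepting `host`."""
    san = parse_extensions(dump).get("X509v3 Subject Alternative Name")
    if san is None:
        return ["no Subject Alternative Name extension"]
    names = re.findall(r"DNS:([^,\s]+)", " ".join(san))
    if host.lower() not in (n.lower() for n in names):
        return [f"{host} not among SAN DNS names {names}"]
    return []
```

Run against the real output of `openssl x509 -text -noout -in <server cert>`, an empty list from `check_host` means the host name is covered by a SAN entry.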