Self-Signed SSL Cert on Rasp.Pi

Hello,
I am trying to install the Public Certificate created with the groov device.
I have the .pem that is downloaded.
I have tried multiple online guides to install the cert on my Raspberry Pi.
Is there a specific way to install the cert onto the Pi? I have tried with Firefox and Chromium, and both are still showing the red lock icon.

Thank you.

Welcome to the forums.

Opto support of the Raspberry Pi is limited due to it not being our product.
Coupled in with that is that there are (at a good guess) about 20+ different distributions and at least 10+ web browsers, so its a lot of different combinations for us to test and support for something that is outside of our product range.

The groov EPIC is of course ours. But it sounds like you have generated and downloaded the certificate Ok.

I strongly recommend you take a few minutes and watch the two videos that @torchard has just posted:

https://www.opto22.com/support/resources-tools/videos/video-cybersecurity-default-self-signed-certific

Part two covers custom self signed:

https://www.opto22.com/support/resources-tools/videos/video-cybersecurity-custom-self-signed-certifica

Yes, these cover Windows, but I suspect the process is very similar. You will need to install the cert to the Linux trust store. I would try putting it in the web browser trust store that you are using first. Most browsers are happy to check their own trust store before using the OS trust store so that’s why I would start there.

1 Like

The certificate is showing in the browser when I click the lock. I already generated the custom .pem file that the video instructs. I put it in the Linux file system where it supposedly goes, but I am still not getting a secure connection. The error shown when connecting to the local IP address is NET::ERR_CERT_AUTHORITY_INVALID

Shown in image:

Can you please take a screenshot of the decoded certificate in groov Manage.
Security → Server → View decoded.

Thanks.

Ok thanks… Just wanted a sanity check because is very very very odd to have your host name set to an IP address.

EDIT: Thinking about it, I am just not sure having an ip address as a host name is a good idea.
I strongly recommend that you go to the groov Manage network settings and change the host name to something else, generate a new certificate and upload that to the browser.

The hostname is different, I just use the IP because its static anyway.

Ah, thats why the cert is not working then. The cert is for host name 192.168.1.77.
The certificate should match the hostname so the browser knows who its talking to.

The cert functions on Mac/Windows Pc’s, just not the raspberry pi.