Registering FIDO2 Issue

[Hidayah]

Hi,

I am facing issues when trying to register my U2F for a user. After i click on the blinking red text to start the FIDO2 registration, this pop up "WebAuthn is not supported on sites with TLS certificate errors" comes out. I have added the WebADM ca.crt to the Trusted Root but the same issue still persists. Do help, thanks.

[Spyridon Gouliarmis (RCDevs)]

Hi,

does your browser trust the certificate presented by the website? If you used custom.crt, it's not signed by the webadm CA.

[Hidayah]

Hi,

im pretty sure i am not using custom.crt. do let me know how to double confirm on this.

As for the browser, it does not trust the certificate presented by the website even after i have added the WebADM ca.crt into the Trusted Root.

[Spyridon Gouliarmis (RCDevs)]

If your WebADM install has a file called /opt/webadm/pki/custom.crt, it will try to pick it up.

You can check the certificate details from your browser (most use the little symbol at the left of the URL box) and confirm that the certificate in "Issued By" is indeed the one you imported into Trusted Root.

[Hidayah]

i have checked the directory /opt/webadm/pki, there is no custom.crt. There is only webadm.crt, webadm.csr and webadm.key.

As for the certificate, it is issued by WebADM CA, and i have confirmed that it is the certificate that i imported into Trusted Root.

[Hidayah]

Hi,

Do let me know what else i should do/check since the certificate issue still persists. Thanks.

[Spyridon Gouliarmis (RCDevs)]

Did you use the WebADM CA, or the one signed by it? I'm not sure Windows is willing to use a certificate as a "trusted root" if it's a mere "web" certificate and doesn't have the usual CA extensions. 

The WebADM CA cert alone can be downloaded from Admin tab -> Download Internal CA Certificate so there's no confusion.

[Spyridon Gouliarmis (RCDevs)]

Did you use different browsers, by the way? I've seen sites accepted by Firefox throwing certificate errors on Edge.