Hi I have found instructions how to get SSL certifcates created . I have private.key ,private.key.nopassword and server.crt and server.csr used to get this.
I have put the private (stuff) in etc/ssl/private and the server.crt in /etc/ssl/certs
But has zero effect when I open Octoprint , shows as insecure and https://octoprint.local kicks up messageof insecurity
So you're basically using a self-signed certificate based on the error message. What you need to do is import your server.crt file into your trusted root certificate authorities on your machine(s) accessing the pi. Details can be found on my how-to for that almost at the end of my post linked below.
I did as you suggest and added server.crt to Trusted Root Certificates Authorities . It has changed the message but still fails. I have the feeling The server.crt I made is under my name not FQDN. So I wonder what Certificate this is refering to ? Maybe I need to find another certificate on my octopi machine ?
Your connection is not private
Attackers might be trying to steal your information from octopi.local (for example, passwords, messages or credit cards). Learn more
Yeah, the common name of your server cert has to be either the ip address of the server or the FQDN. It all depends on how you access the web interface.
To the best of my knowledge certs can't be for *.local addresses, for what it's worth.
But since I have myJS.io as a domain name, I could issue a public DNS A record for octopi.myJS.io to my private IP address, do the cert for that FQDN and it would work fine for me internally over HTTPS/SSL.