99 my self-signed certificate stopped to work. It seems simple to use and great for local development. cfssl is also a very robust tool that is widely used and worth checking out. The Docker documentation has a great straightforward example for creating a self-signed certificate authority and signing certificates with OpenSSL.You can reference the README.md for more details and options for automation.īe sure to restart chrome after installing new certificates. The script will guide you through a series of questions to include the necessary information (including the subjectAltName field). I created a self-signed-tls bash script with straightforward options to make it easy to generate certificate authorities and sign x509 certificates with OpenSSL (valid in Chrome using the subjectAltName field). OpenSSL accepts x509v3 configuration files to add extended configurations to certificates (see the subjectAltName field for configuration options). The use of the subjectAltName field has been enforced in Chrome since version 58 (see Chrome 58 deprecations). RFC2818 has deprecated falling back to the commonName field since May of 2000. Note: Scripts that address this issue, and create fully trusted ssl certs for use in Chrome, Safari and from Java clients can be found hereĪnother note: If all you're trying to do is stop chrome from throwing errors when viewing a self signed certificate, you can can tell Chrome to ignore all SSL errors for ALL sites by starting it with a special command line option, as detailed here on SuperUserĪs others have mentioned, the NET::ERR_CERT_COMMON_NAME_INVALID error is occurring because the generated certificate does not include the SAN ( subjectAltName) field. KeyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment v3.ext authorityKeyIdentifier=keyid,issuer So if it was then you'd use that for both. Note that typically you'd set the Common Name and %%DOMAIN%% to the domain you're trying to generate a cert for. Where v3.ext is a file like so, with %%DOMAIN%% replaced with the same name you use as your Common Name. To fix this, you need to supply an extra parameter to openssl when you're creating the cert, basically
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |