Subject: Re: Chromium and self-signed certificates
From: <bp (at) *nospam* www.zefox.net>
Newsgroups: comp.sys.raspberry-pi
Date: 01. Sep 2024, 01:23:58
Other headers
Organization: A noiseless patient Spider
Message-ID: <vb0c6u$17650$1@dont-email.me>
References: 1 2 3 4 5
User-Agent: tin/2.6.2-20221225 ("Pittyvaich") (FreeBSD/14.0-RELEASE-p9 (arm64))
Richard Kettlewell <invalid@invalid.invalid> wrote:
> <bp@www.zefox.net> writes:
>> The reference to "scrambled credentials" implies a syntax error, some
>> kind of credential checker would be a useful tool at this point.
>
> I see nothing about “scrambled credentials” above. If the browser got as
> far as displaying the certificate subject then it is certainly
> syntactically well-formed, your browser just doesn’t like the contents.

Sorry, that terminology came from the informational window presented by
Chromium saying it didn't like the certificate.

> You will probably need at least a subjectAltName extension containing
> the DNS name of your server. This has been a cabforum.org requirement
> for real certificates for a long time and I don’t know of any reason it
> wouldn’t apply to self-signed certificates too.

The DNS name is displayed in the Common Name, pelorus.zefox.org, which I
thought was sufficient.

Lawrence D'Oliviero's reply following yours touches on what I suspect
is my greatest misunderstanding: I thought a self-signed certificate
stood on its own. If I'm reading right (and it's early times still)
it looks like I need both server certificate _and_ CA-certificate
files. That is something I didn't catch on to until just now.
Thanks for writing,
bob prohaska
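
Added example, not part of the original post or thread: a small shell check in the spirit of the "credential checker" mentioned above, comparing a self-signed certificate that has only a Common Name with one that also carries a subjectAltName for the same host. It assumes OpenSSL 1.1.1 or later (for `-addext` and `-ext`); the function names and the temporary file names are made up for illustration, and both certificates are constructed test data.

```shell
#!/bin/sh
# Assumption: OpenSSL 1.1.1+ is on PATH. Function names are illustrative only.

# make_cert HOST OUTPREFIX [SAN]
# Writes OUTPREFIX.key and OUTPREFIX.crt, a throwaway self-signed certificate.
make_cert() {
    if [ -n "${3:-}" ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=$1" -addext "subjectAltName=$3" \
            -keyout "$2.key" -out "$2.crt" 2>/dev/null
    else
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=$1" \
            -keyout "$2.key" -out "$2.crt" 2>/dev/null
    fi
}

# cert_san_names CERTFILE
# Prints one DNS name per line from the subjectAltName extension (nothing if absent).
cert_san_names() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# cert_has_san CERTFILE HOSTNAME
# Succeeds only on an exact, case-insensitive dNSName match.
# Wildcard entries such as *.example.org are not expanded here.
cert_has_san() {
    cert_san_names "$1" | grep -qixF "$2"
}

# Constructed demo: a CN-only certificate next to one with a SAN.
d=$(mktemp -d)
make_cert pelorus.zefox.org "$d/cn_only"
make_cert pelorus.zefox.org "$d/with_san" "DNS:pelorus.zefox.org"
for c in cn_only with_san; do
    openssl x509 -in "$d/$c.crt" -noout -subject
    if cert_has_san "$d/$c.crt" pelorus.zefox.org; then
        echo "$c: subjectAltName lists pelorus.zefox.org"
    else
        echo "$c: no matching subjectAltName (Common Name only)"
    fi
done
```

Both certificates show the same subject line; only the second passes the check, because the name also has to appear as a DNS entry in subjectAltName, which is where Chromium looks for it.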