Michael Leone on 26 Jun 2019 07:50:21 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Chrome and Certificates (WAS:Fwd: Confused - certificate is valid in IE/Edge but not in Chrome?)

On Wed, Jun 26, 2019 at 10:28 AM brent timothy saner
<brent.saner@gmail.com> wrote:
> Yep. Not even "can"; "is".
> FWIW, I believe you can tell openssl to include any SANs in the CSR
> automatically (but you'd still need to define those in the config used
> to generate the CSR).

Hrumph. :-)

> You put it in the config file. Usually DNS.1 is the CN. (If memory
> serves, you can use a variable for the CN.) For bare domain certs (e.g.
> domain.tld), I'd recommend also adding a www.domain.tld SAN.

Well, in this particular case, it's only for a test. The actual CA who
will be issuing certs for this internal domain will be a Windows
subordinate CA, and it has certificate templates you can customize, to
add the SANs.

I just want to see it work, for Google Chrome, from my root cA, before
I make the issuing CA in AD.

I will hardcode it for now, I guess.

Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug