Re: [PLUG] Chrome and Certificates (WAS:Fwd: Confused

Michael Leone on 26 Jun 2019 07:50:21 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Chrome and Certificates (WAS:Fwd: Confused - certificate is valid in IE/Edge but not in Chrome?)

From: Michael Leone <turgon@mike-leone.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Chrome and Certificates (WAS:Fwd: Confused - certificate is valid in IE/Edge but not in Chrome?)
Date: Wed, 26 Jun 2019 10:50:05 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mike-leone.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=Z/JvKm5yhvLmYy5ikvajgwdPt6hacLjCHayGcg2ip9o=; b=KfaHu3W7xEP4nsVmhpyejWhDme46dVoqhfLh+8wOybnNSVeyiRPgiN+HkJQG+3wnbr 8RYwMKx08alWEWiLTrCKYkO3yfiesTZ+T6MMuySpYy2Rd/ec+tDzqiByBod/emT4hcuz LPHI8WIHut7cjxrx+rCZn+BNcSkFDPXIgV0vY=
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

On Wed, Jun 26, 2019 at 10:28 AM brent timothy saner
<brent.saner@gmail.com> wrote:
>
> Yep. Not even "can"; "is".
> FWIW, I believe you can tell openssl to include any SANs in the CSR
> automatically (but you'd still need to define those in the config used
> to generate the CSR).

Hrumph. :-)

> You put it in the config file. Usually DNS.1 is the CN. (If memory
> serves, you can use a variable for the CN.) For bare domain certs (e.g.
> domain.tld), I'd recommend also adding a www.domain.tld SAN.
>

Well, in this particular case, it's only for a test. The actual CA who
will be issuing certs for this internal domain will be a Windows
subordinate CA, and it has certificate templates you can customize, to
add the SANs.

I just want to see it work, for Google Chrome, from my root cA, before
I make the issuing CA in AD.

I will hardcode it for now, I guess.

Thanks
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Chrome and Certificates (WAS:Fwd: Confused - certificate is valid in IE/Edge but not in Chrome?)
  - From: Martin Dellwo <martin.dellwo@gmail.com>

References:
- [PLUG] Fwd: Confused - certificate is valid in IE/Edge but not in Chrome?
  - From: Michael Leone <turgon@mike-leone.com>
- Re: [PLUG] Chrome and Certificates (WAS:Fwd: Confused - certificate is valid in IE/Edge but not in Chrome?)
  - From: brent timothy saner <brent.saner@gmail.com>

Prev by Date: Re: [PLUG] Chrome and Certificates (WAS:Fwd: Confused - certificate is valid in IE/Edge but not in Chrome?)
Next by Date: Re: [PLUG] Chrome and Certificates (WAS:Fwd: Confused - certificate is valid in IE/Edge but not in Chrome?)
Previous by thread: Re: [PLUG] Chrome and Certificates (WAS:Fwd: Confused - certificate is valid in IE/Edge but not in Chrome?)
Next by thread: Re: [PLUG] Chrome and Certificates (WAS:Fwd: Confused - certificate is valid in IE/Edge but not in Chrome?)
Index(es):
- Date
- Thread