[squid-users] ssl bump and chrome 58
Flashdown
flashdown at data-core.org
Thu Apr 27 16:16:39 UTC 2017
Hello together,
Suddenly I am facing the same issue when users' Chrome has been updated
to V58. I am running Squid 3.5.23.
This is the reason:
https://www.thesslstore.com/blog/security-changes-in-chrome-58/
Short: Common Name Support Removed in Chrome 58 and Squid does not
create certs with DNS-Alternative names in them. Because of that it
fails.
Chrome says:
1. Subject Alternative Name Missing - The certificate for this site does
not contain a Subject Alternative Name extension containing a domain
name or IP address.
2. Certificate Error - There are issues with the site's certificate
chain (net::ERR_CERT_COMMON_NAME_INVALID).
Can we get Squid to add the DNS-Alternative Name to the generated certs?
Since this is what I believe is now required in Chrome 58+.
Best regards,
Enrico
On 2017-04-21 15:35, Yuri Voinov wrote:
> I see no problem with it on all five SSL Bump-aware servers with new
> Chrome. So far so good.
>
>
> 21.04.2017 18:29, Marko Cupać wrote:
>> Hi,
>>
>> I have squid set up with ssl bump which worked fine, but since I
>> updated chrome to 58 it won't display any https sites, throwing
>> NTT:ERR_CERT_COMMON_NAME_INVALID. https sites still work in previous
>> chrome version, as well as in IE.
>>
>> Anything I can do in squid config to get ssl-bumped sites in chrome
>> again?
>>
>> Thank you in advance,
>
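The difference between the two hostname checks described in this thread, as an added example (not part of the original post and not Squid or Chrome code). It is a simplified model that takes certificates as dicts in the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the function names and the sample certificates are constructed for illustration.

```python
import ipaddress

def _dns_match(pattern, host):
    """Compare one name with host; '*' may only replace the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    head, _, rest = h.partition(".")
    return bool(head) and rest == p[2:]

def san_matches(cert, host):
    """SAN-only check: the subject Common Name is never consulted."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None                      # host is a DNS name, not an IP literal
    for kind, value in cert.get("subjectAltName", ()):
        if ip is not None:
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True
        elif kind == "DNS" and _dns_match(value, host):
            return True
    return False

def cn_fallback_matches(cert, host):
    """Legacy check: use SAN when present, otherwise fall back to the CN."""
    if cert.get("subjectAltName"):
        return san_matches(cert, host)
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
           if k == "commonName"]
    return any(_dns_match(cn, host) for cn in cns)

def diagnose(cert, host):
    """Classify a certificate the way a proxy admin needs to triage it."""
    if san_matches(cert, host):
        return "ok"
    if cn_fallback_matches(cert, host):
        return "cn-only"               # accepted by legacy clients only
    return "mismatch"

# Constructed sample certificates (getpeercert()-style dicts).
CN_ONLY = {"subject": ((("commonName", "www.example.com"),),)}
WITH_SAN = {"subject": ((("commonName", "www.example.com"),),),
            "subjectAltName": (("DNS", "www.example.com"),
                               ("DNS", "*.cdn.example.com"),
                               ("IP Address", "192.0.2.10"))}

if __name__ == "__main__":
    for name, cert in (("CN_ONLY", CN_ONLY), ("WITH_SAN", WITH_SAN)):
        print(name, diagnose(cert, "www.example.com"))
```

A `cn-only` result is the situation reported above: the generated certificate names the host only in its Common Name, so clients that still fall back to the CN accept it while a SAN-only client rejects it.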