[squid-users] net::err_cert_common_name_invalid just in squid page with dstdomain block

Yuri yvoinov at gmail.com
Thu Dec 7 18:33:36 UTC 2017



07.12.2017 21:27, Matus UHLAR - fantomas пишет:
> On 07.12.17 08:05, erdosain9 wrote:
>> Yes, Chrome tell this when i look the certificate
>>
>> "The certificate for this site does not contain a Subject Alternative
>> Name
>> extension containing a domain name or IP address."
>
> are you aware that this is not a squid problem?
>
>> So, my certificate does not have a Subject Alternative Name.
So what? Re-issue cert with openssl and add this field. This is trivial.
>> But, this is not a problem with Firefox.
Firefox uses not so restrictive SSL handling.
>
> only with certificates issued after some date, not sure when, but it will
> come.
>
>> I have to change my certificate?? t
>> There is a way to tell Chrome "dont look for this"???
>
> only by using chrome <58
Not only. It is exists registry hack for Chrome to workaround this. Not
sure it will still works.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"EnableCommonNameFallbackForLocalAnchors"=dword:00000001
"EnableDeprecatedWebBasedSignin"=dword:00000000

It's easy to JFGI this hack as .reg-file, if any difficults to make this
by manual.
>
> the CommonName does not have documented format, the
> SubjectAlternativeName
> does.
>
It is documented in openssl man pages. Also it is documented in Google
technical documentation. JFGI.

-- 
"Some people, when confronted with a problem, think «I know, I'll use regular expressions.» Now they have two problems."
--Jamie Zawinsk

**************************
* C++: Bug to the future *
**************************


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 512 bytes
Desc: OpenPGP digital signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20171208/d221250e/attachment-0001.sig>


More information about the squid-users mailing list