[squid-users] net err cert validity too long - chrome/safari
Alex Rousskov
rousskov at measurement-factory.com
Thu Sep 23 14:46:41 UTC 2021
On 9/23/21 9:49 AM, L.P.H. van Belle wrote:
> sadly yes..
> https://chromium.googlesource.com/chromium/src/+/HEAD/net/docs/certificate_lifetimes.md
AFAICT, the above article says that Chrome only applies the 398-day
restriction to certificates signed by CAs that are trusted in a
_default_ installation of Chrome (i.e. the so called "publicly trusted
CAs"). Rob's custom CA is not one of those publicly trusted CAs.
Evidently, either the 398-day restriction is now applied to more
situations than those described in the article OR Rob has circumvented
Crhome's idea of "publicly trusted CAs".
Alex.
> ------------------------------------------------------------------------
> *Van:* squid-users
> [mailto:squid-users-bounces at lists.squid-cache.org] *Namens *robert k
> Wild
> *Verzonden:* donderdag 23 september 2021 14:53
> *Aan:* squid-users at lists.squid-cache.org
> *Onderwerp:* [squid-users] net err cert validity too long -
> chrome/safari
>
> hi all,
>
> i get this error on chrome and safari, when i access the same
> website on firefox i get the proxy error page as i havnt whitelisted
> this site, when i whitelist it, i can get on the website on all
> three diff browsers and when i take it off the whitelist exactly the
> same before
>
> i have googled and its because my cert is too long age, i made it
> 999 days and i find out now it should be longer than 397 days
>
> is this correct?
>
> thanks,
> rob
>
> --
> Regards,
>
> Robert K Wild.
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
More information about the squid-users
mailing list