[squid-users] net err cert validity too long - chrome/safari

robert k Wild robertkwild at gmail.com
Thu Sep 23 16:35:29 UTC 2021 

Thanks Alex 😊

On Thu, 23 Sep 2021, 15:46 Alex Rousskov, <rousskov at measurement-factory.com>
wrote:

> On 9/23/21 9:49 AM, L.P.H. van Belle wrote:
> > sadly yes..
> >
> https://chromium.googlesource.com/chromium/src/+/HEAD/net/docs/certificate_lifetimes.md
>
> AFAICT, the above article says that Chrome only applies the 398-day
> restriction to certificates signed by CAs that are trusted in a
> _default_ installation of Chrome (i.e. the so called "publicly trusted
> CAs"). Rob's custom CA is not one of those publicly trusted CAs.
>
> Evidently, either the 398-day restriction is now applied to more
> situations than those described in the article OR Rob has circumvented
> Crhome's idea of "publicly trusted CAs".
>
> Alex.
>
> >
>  ------------------------------------------------------------------------
> >     *Van:* squid-users
> >     [mailto:squid-users-bounces at lists.squid-cache.org] *Namens *robert k
> >     Wild
> >     *Verzonden:* donderdag 23 september 2021 14:53
> >     *Aan:* squid-users at lists.squid-cache.org
> >     *Onderwerp:* [squid-users] net err cert validity too long -
> >     chrome/safari
> >
> >     hi all,
> >
> >     i get this error on chrome and safari, when i access the same
> >     website on firefox i get the proxy error page as i havnt whitelisted
> >     this site, when i whitelist it, i can get on the website on all
> >     three diff browsers and when i take it off the whitelist exactly the
> >     same before
> >
> >     i have googled and its because my cert is too long age, i made it
> >     999 days and i find out now it should be longer than 397 days
> >
> >     is this correct?
> >
> >     thanks,
> >     rob
> >
> >     --
> >     Regards,
> >
> >     Robert K Wild.
> >
> >
> > _______________________________________________
> > squid-users mailing list
> > squid-users at lists.squid-cache.org
> > http://lists.squid-cache.org/listinfo/squid-users
> >
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20210923/33ea72c7/attachment.htm>

More information about the squid-users mailing list