Issues with WbConfigurator SSL cert after Chrome update to v58
-
Hi,
I have pfSense installed and running using a self signed cert from a pfSense internal CA, and it has been working fine for months.
I deploy the self signed cert to my machines via GPO.I updated to Chrome v58 within the last few days, and now Chrome refuses to load the web configurator page citing:
ERR_CERT_COMMON_NAME_INVALIDThat's rubbish, as if I use the same DNS name in IE, it loads and trusts the certificate.
Anyone else having an issue in Chrome version 58 when using a self signed cert?
Thanks
Eds -
Ok looks like Chrome now requires certs to have a SAN:
https://alexanderzeitler.com/articles/Fixing-Chrome-missing_subjectAltName-selfsigned-cert-openssl/Do I really have to go through the hassle of generating a self signed cert using this method, or can I add a SAN to the cert via pfSense?
Cheers
Eds -
I should probably try these things before posting…
Just generated a new self signed cert via pfSense and just copied the CN into the alternate name field and it now works.
-
See also:
https://redmine.pfsense.org/issues/7496
https://forum.pfsense.org/index.php?topic=129567.0 -
I created a new User Cert, this time adding Alternate Names with both the FQDN and IP address. In pfSense, I selected the new SSL cert from System –> Admin. I then exported both the user cert and the CA and imported those into the Windows Certificates --> Trusted Root Certification Authorities section.
Now in Chrome 58 when I try to go to the secure URL for my pfSense router, Chrome is giving me this error:
Certificate Error There are issues with the site's certificate chain (net::ERR_CERT_INVALID).What am I doing wrong here?
-
Figured it out. I just needed to make it a server cert, not a user cert. Chrome is happy now.
-
This post is deleted!
