Problems with pfsense.localdomain hostname

stephenw10

Ah, yeah, Chrome loves to do that.

fw

@stephenw10 I need to just stop using chrome completely. All it does is cause me headaches.

jimp

It was doing you a favor, though. Go back to HTTPS :-)

fw

@jimp yes did that already :) Although Chrome does not work at all with my self signed certificate. I added my SSL certificate and my intermediate root authority certificate in my keychain (MacOS) and it still refuses to connect over HTTPS. If I click on the security icon in Chrome to view the certificate, it says that it is trusted by the OS, even though Chrome says that it is "revoked". Firefox works great though.

jimp

Probably the default cert lifetime. The GUI certs on 2.4.4-p3 and earlier default to 2000 days, Macs only allow 825 now (and will lower that to 389 soon).

https://redmine.pfsense.org/issues/9825

fw

@jimp this is a Chrome specific issue. MacOS says that the cert is trusted. Firefox also says that it is trusted. Also, I generated the Cert a couple of weeks ago, so this is definitely not reaching a cert lifetime issue.

jimp

It still can be. Look at the change made in https://redmine.pfsense.org/projects/pfsense/repository/revisions/71185882dc168e49347f0924f33a207aaf6e2db0/diff and make that edit yourself by hand (but use 389, not 825, and then go to a shell prompt (ssh or console) and run pfSsh.php playback generateguicert and see what happens.

fw

@jimp Ohh I see what you are saying. I'll give that a try. Thanks.

fw

That worked thanks! It's annoying that Chrome's error was this:
NET::ERR_CERT_REVOKED

instead of this:
NET::ERR_CERT_VALIDITY_TOO_LONG

johnpoz

Exactly!!! BS error that doesn't say what the problem is!