Self-signed certificates missing a SAN (Subject Alternate Name) #3
Comments
|
@suntong I cannot get the SSL bump to work - all the certificates are being rejected by the browser. Chrome said that it "is not standards compliant". Can you be more specific about how you resolved this issue? Is it an issue with the CA generation or squid.conf? I see in Squid change log they have this which seems like it would have fixed the issue you are describing. |
|
This fork has a patch which upgrades Squid to v4 will resolve the issue. sara4dev@787c4aa |
|
I was never able to fix it myself. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If self-signed certificate missing a SAN (Subject Alternate Name), modern browsers will throw a security error. So it's important to put DNS name in the SAN and not the CN, because both the IETF and the CA/Browser Forums specify the practice.
For details, check out How to create a self-signed certificate.
The text was updated successfully, but these errors were encountered: