https://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162017-04-26T09:00:06ZpfSense bugtrackerpfSense - Bug #7496: Chrome 58 added cert requirements which make it fail to accept the default self-signed certificateshttps://redmine.pfsense.org/issues/7496?journal_id=326172017-04-26T09:00:06ZJim Pingle
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Feedback</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>Applied in changeset <a class="changeset" title="Always add the CN as the first SAN when creating a certificate in the GUI or an automatic GUI sel..." href="https://redmine.pfsense.org/projects/pfsense/repository/2/revisions/a636256cf9a7e27cf5d26c7677d0b7961e0fb143">a636256cf9a7e27cf5d26c7677d0b7961e0fb143</a>.</p> pfSense - Bug #7496: Chrome 58 added cert requirements which make it fail to accept the default self-signed certificateshttps://redmine.pfsense.org/issues/7496?journal_id=326182017-04-26T09:06:17ZJim Pingle
<ul></ul><p>This fix will be in 2.4 and 2.3.4 snapshots shortly. To apply the fix early, or to apply the fix to existing 2.3.3-p1 systems, follow these steps:</p>
<ul>
<li>Install the System Patches package ( <a class="external" href="https://doc.pfsense.org/index.php/System_Patches">https://doc.pfsense.org/index.php/System_Patches</a> )</li>
<li>Add a new patch under System > Patches</li>
<li>Give it a Description such as "certsanfix" </li>
<li>Enter the appropriate URL/Commit ID for the firewall version:
<ul>
<li>2.4 snapshots: a636256cf9a7e27cf5d26c7677d0b7961e0fb143</li>
<li>2.3.4 snapshots: cad0d5bc8da8034c4fa7f41e5476a80b0c38b04f</li>
<li>2.3.3-RELEASE-p1: c1a42e25a35b16821eaf88418c449741d1638c00</li>
</ul></li>
</ul>
<ul>
<li>Set Path Strip Count to 2 (this should be set automatically on save, but do it anyhow just in case)</li>
<li>Click Save</li>
<li>Click Fetch on the patch entry in the list</li>
<li>Click Apply on the patch entry in the list</li>
<li>Open a console or shell prompt, enter option 8 for the shell</li>
<li>Run the following command::</li>
</ul>
<pre>
pfSsh.php playback generateguicert
</pre>
<p>The firewall will generate and activate a fresh GUI certificate.</p>
<p>Connect to the GUI with a browser to test.</p> pfSense - Bug #7496: Chrome 58 added cert requirements which make it fail to accept the default self-signed certificateshttps://redmine.pfsense.org/issues/7496?journal_id=326192017-04-26T10:00:44ZKill Bill
<ul></ul><p>Would be probably good to show the SANs in the Cert. Manager (in place/in addition to CN) -- somehow doesn't seem to be the case (at least looking at the certs produced by ACME package.)</p>
<p>Likely better handled with a separate ticket though.</p> pfSense - Bug #7496: Chrome 58 added cert requirements which make it fail to accept the default self-signed certificateshttps://redmine.pfsense.org/issues/7496?journal_id=326202017-04-26T10:06:22ZJim Pingle
<ul></ul><p>That's on my to-do list as well, I was thinking a "view certificate" icon/operation may be more useful, to print all of the properties in the certificate.</p> pfSense - Bug #7496: Chrome 58 added cert requirements which make it fail to accept the default self-signed certificateshttps://redmine.pfsense.org/issues/7496?journal_id=326252017-04-27T07:53:42ZKonstantin K
<ul></ul><p>Hello!<br />Certificates work fine for Chrome 58 if you add CN also in 'Alternative Names' -> 'FQDN or Hostname'.</p> pfSense - Bug #7496: Chrome 58 added cert requirements which make it fail to accept the default self-signed certificateshttps://redmine.pfsense.org/issues/7496?journal_id=326392017-05-01T11:07:58ZJim Pingle
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Resolved</i></li></ul><p>Works OK in snapshots, reports of others showing it works as well. Seems to be solid. Closing.</p>