Bug #7496
closed
Chrome 58 added cert requirements which make it fail to accept the default self-signed certificates
Added by Ivor Kreso over 7 years ago.
Updated over 7 years ago.
- Status changed from New to Feedback
- % Done changed from 0 to 100
This fix will be in 2.4 and 2.3.4 snapshots shortly. To apply the fix early, or to apply the fix to existing 2.3.3-p1 systems, follow these steps:
- Install the System Patches package ( https://doc.pfsense.org/index.php/System_Patches )
- Add a new patch under System > Patches
- Give it a Description such as "certsanfix"
- Enter the appropriate URL/Commit ID for the firewall version:
- 2.4 snapshots: a636256cf9a7e27cf5d26c7677d0b7961e0fb143
- 2.3.4 snapshots: cad0d5bc8da8034c4fa7f41e5476a80b0c38b04f
- 2.3.3-RELEASE-p1: c1a42e25a35b16821eaf88418c449741d1638c00
- Set Path Strip Count to 2 (this should be set automatically on save, but do it anyhow just in case)
- Click Save
- Click Fetch on the patch entry in the list
- Click Apply on the patch entry in the list
- Open a console or shell prompt, enter option 8 for the shell
- Run the following command::
pfSsh.php playback generateguicert
The firewall will generate and activate a fresh GUI certificate.
Connect to the GUI with a browser to test.
Would be probably good to show the SANs in the Cert. Manager (in place/in addition to CN) -- somehow doesn't seem to be the case (at least looking at the certs produced by ACME package.)
Likely better handled with a separate ticket though.
That's on my to-do list as well, I was thinking a "view certificate" icon/operation may be more useful, to print all of the properties in the certificate.
Hello!
Certificates work fine for Chrome 58 if you add CN also in 'Alternative Names' -> 'FQDN or Hostname'.
- Status changed from Feedback to Resolved
Works OK in snapshots, reports of others showing it works as well. Seems to be solid. Closing.
Also available in: Atom
PDF
Updated by 
Updated by Kill Bill 
Updated by