I’m actually testing it and I will let you know what we can do about that.
Thanks, Ludovic Zammit [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) :: www.inverse.ca <http://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu <http://www.sogo.nu/>) and PacketFence (http://packetfence.org <http://packetfence.org/>) > On Dec 7, 2020, at 9:29 AM, <[email protected]> <[email protected]> wrote: > > Hi, > > yes, Root CA is installed. But modern browsers require the servername o be > present in the SAN as well as in the CN. MS Edge displays a > NET::ERR_CERT_COMMON_NAME_INVALID error if the SAN is’n present, Firefox > refuses to connect. This seems to be the normal behaviour not, see Support > for commonName matching in Certificates - Chrome Platform Status > (chromestatus.com) <https://www.chromestatus.com/feature/4981025180483584> > for example. > > Regards, > Tom. > > Von: Ludovic Zammit <[email protected]> > Gesendet: Montag, 7. Dezember 2020 14:56 > An: [email protected] > Cc: [email protected] > Betreff: Re: [PacketFence-users] Packetfence PKI add SAN > > Hello Tom, > > Which browsers? Did you install the PacketFence PKI Root CA on the testing > device? > > Because without the Root Ca installed on either device, it would not be able > to trust the certificate issued by the PacketFence PKI and also the chain. > > Thanks, > > Ludovic Zammit > [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) :: > www.inverse.ca <http://www.inverse.ca/> > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu > <http://www.sogo.nu/>) and PacketFence (http://packetfence.org > <http://packetfence.org/>) > > > > > >> On Dec 7, 2020, at 6:36 AM, tom--- via PacketFence-users >> <[email protected] >> <mailto:[email protected]>> wrote: >> >> Hi, >> >> I am using Packetfence 10.2 and have configured the internal PKI to deploy >> certificates to clients which works fine. I thought I’ld use the PKI also to >> create certificates for internal Web Servers. This works in general but >> Browsers show errors as no SAM is given in the certificate. Is there a way >> to add SANs to the certificate? >> >> Thanks, >> Tom. >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> <mailto:[email protected]> >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> <https://lists.sourceforge.net/lists/listinfo/packetfence-users>
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
