Hi,
yes, Root CA is installed. But modern browsers require the servername o be present in the SAN as well as in the CN. MS Edge displays a NET::ERR_CERT_COMMON_NAME_INVALID error if the SAN is’n present, Firefox refuses to connect. This seems to be the normal behaviour not, see <https://www.chromestatus.com/feature/4981025180483584> Support for commonName matching in Certificates - Chrome Platform Status (chromestatus.com) for example. Regards, Tom. Von: Ludovic Zammit <[email protected]> Gesendet: Montag, 7. Dezember 2020 14:56 An: [email protected] Cc: [email protected] Betreff: Re: [PacketFence-users] Packetfence PKI add SAN Hello Tom, Which browsers? Did you install the PacketFence PKI Root CA on the testing device? Because without the Root Ca installed on either device, it would not be able to trust the certificate issued by the PacketFence PKI and also the chain. Thanks, Ludovic Zammit [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) :: www.inverse.ca <http://www.inverse.ca> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) On Dec 7, 2020, at 6:36 AM, tom--- via PacketFence-users <[email protected] <mailto:[email protected]> > wrote: Hi, I am using Packetfence 10.2 and have configured the internal PKI to deploy certificates to clients which works fine. I thought I’ld use the PKI also to create certificates for internal Web Servers. This works in general but Browsers show errors as no SAM is given in the certificate. Is there a way to add SANs to the certificate? Thanks, Tom. _______________________________________________ PacketFence-users mailing list <mailto:[email protected]> [email protected] <https://lists.sourceforge.net/lists/listinfo/packetfence-users> https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
