I just made a new certificate using my own CA with the UI in pfSense
2.3.2-p1 for one of my firewalls. It appears that how it is generated does
not allow Chrome or Firefox to recognize it by the CN, only the aliases.

A certificate I generated using the UI in 2014 does, however, work with the
aliases and the CN.

They appear to be produced very differently then vs. now:

Subject: C=US, ST=Maryland, L=Rockville, O=Khera Communications Inc/emailAddress=kh...@example.com, CN=rockville-fw-a/subjectAltName=DNS:

but now we get:

Subject: C=US, ST=Maryland, L=Rockville, O=Khera Communications Inc/emailAddress=kh...@example.com, CN=ashburn-fw-a.example.com

and lower down, in the X509v3 extensions area, are the aliases:

X509v3 Subject Alternative Name:
  DNS:ashburn-fw-a, DNS:ashburn-fw-a-prv

Did I do something differently/incorrectly? I filled out the form the
obvious way.
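
Added example, not part of the original post: a small Python check that applies the RFC 2818 section 3.1 name-selection rule (dNSName entries in the Subject Alternative Name extension, when present, are used instead of the CN) to certificate text laid out like `openssl x509 -noout -text` output. The sample text is constructed from the names quoted above with a placeholder e-mail address, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of `openssl x509 -noout -text`, using the
# names quoted in the post (the e-mail address is a placeholder).
NEW_CERT = """\
        Subject: C=US, ST=Maryland, L=Rockville, O=Khera Communications Inc/emailAddress=user@example.com, CN=ashburn-fw-a.example.com
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:ashburn-fw-a, DNS:ashburn-fw-a-prv
"""
# Constructed: the same subject with no SAN extension at all.
NO_SAN_CERT = NEW_CERT.split("        X509v3 extensions:")[0]


def subject_cn(text):
    """Return the CN from the Subject line, or None if there is none."""
    m = re.search(r"^\s*Subject:.*?\bCN\s*=\s*([^,/\n]+)", text, re.M)
    return m.group(1).strip() if m else None


def san_dns_names(text):
    """Return the dNSName entries of the Subject Alternative Name extension."""
    m = re.search(r"X509v3 Subject Alternative Name:[^\n]*\n\s*([^\n]+)", text)
    if not m:
        return []
    entries = (e.strip() for e in m.group(1).split(","))
    return [e[4:] for e in entries if e.startswith("DNS:")]


def reference_names(text):
    """RFC 2818 sec. 3.1: dNSName SANs, if any, replace the CN entirely."""
    sans = san_dns_names(text)
    if sans:
        return sans
    cn = subject_cn(text)
    return [cn] if cn else []


def matches(host, text):
    """Exact, case-insensitive comparison; wildcards are not handled here."""
    return host.lower() in (n.lower() for n in reference_names(text))


if __name__ == "__main__":
    for host in ("ashburn-fw-a", "ashburn-fw-a-prv", "ashburn-fw-a.example.com"):
        verdict = "match" if matches(host, NEW_CERT) else "NO MATCH"
        print(f"{host:28} {verdict}")
```

Under this rule, a hostname the certificate should answer to has to be listed in the SAN extension itself; its presence in the CN alone is not consulted once any dNSName entry exists.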
