Hi folks, My freeipa installation (Centos 7.3, freeipa 4.4.0) was signed by an external root CA. Problem:
Even though I have imported the root CA and clicked on all the trust checkboxes, chromium complains about the certificate of the web admin interface running on https://ipa1.example.com/ : - Subject Alternative Name missing The certificate for this site does not contain a Subject Alternative Name extension containing a domain name or IP address. - Certificate error There are issues with the site's certificate chain (net::ERR_CERT_COMMON_NAME_INVALID). The CN is "ipa1.example.com", matching the host name. The Subject Alternative Name is Not Critical Microsoft Principal Name: HTTP/ipa1.example....@example.com OID.1.3.6.1.5.2.2: 30 30 A0 0B 1B 09 41 49 58 49 47 4F 2E 44 45 A1 21 30 1F A0 03 02 01 01 A1 18 30 16 1B 04 48 54 54 50 1B 0E 69 70 61 31 2E 61 69 78 69 67 6F 2E 64 65 I haven't seen this mentioned here, but Google provides some more information: https://support.google.com/chrome/a/answer/7391219?hl=en How can I tell freeipa? Every helpful comment is highly appreciated Harri _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org