Hello together,
Suddenly I am facing the same issue when users Chrome has been updated
to V58. I am running Squid 3.5.23.
This is the reason:
https://www.thesslstore.com/blog/security-changes-in-chrome-58/
Short: Common Name Support Removed in Chrome 58 and Squid does not
create certs with DNS-Alternatives names in it. Because of that it
fails.
Chrome says:
1. Subject Alternative Name Missing - The certificate for this site does
not contain a Subject Alternative Name extension containing a domain
name or IP address.
2. Certificate Error - There are issues with the site's certificate
chain (net::ERR_CERT_COMMON_NAME_INVALID).
Can we get Squid to add the DNS-Alternative Name to the generated certs?
Since this is what I believe is now required in Chrome 58+
Best regards,
Enrico
Am 2017-04-21 15:35, schrieb Yuri Voinov:
I see no problem with it on all five SSL Bump-aware servers with new
Chrome. So fare so good.
21.04.2017 18:29, Marko Cupać пишет:
Hi,
I have squid setup with ssl bump which worked fine, but since I
updated
chrome to 58 it won't display any https sites, throwing
NTT:ERR_CERT_COMMON_NAME_INVALID. https sites still work in previous
chrome version, as well as in IE.
Anything I can do in squid config to get ssl-bumped sites in chrome
again?
Thank you in advance,
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
