On 9/23/21 9:49 AM, L.P.H. van Belle wrote: > sadly yes.. > https://chromium.googlesource.com/chromium/src/+/HEAD/net/docs/certificate_lifetimes.md AFAICT, the above article says that Chrome only applies the 398-day restriction to certificates signed by CAs that are trusted in a _default_ installation of Chrome (i.e. the so called "publicly trusted CAs"). Rob's custom CA is not one of those publicly trusted CAs. Evidently, either the 398-day restriction is now applied to more situations than those described in the article OR Rob has circumvented Crhome's idea of "publicly trusted CAs". Alex. > ------------------------------------------------------------------------ > *Van:* squid-users > [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] *Namens *robert k > Wild > *Verzonden:* donderdag 23 september 2021 14:53 > *Aan:* squid-users@xxxxxxxxxxxxxxxxxxxxx > *Onderwerp:* net err cert validity too long - > chrome/safari > > hi all, > > i get this error on chrome and safari, when i access the same > website on firefox i get the proxy error page as i havnt whitelisted > this site, when i whitelist it, i can get on the website on all > three diff browsers and when i take it off the whitelist exactly the > same before > > i have googled and its because my cert is too long age, i made it > 999 days and i find out now it should be longer than 397 days > > is this correct? > > thanks, > rob > > -- > Regards, > > Robert K Wild. > > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
