Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
K
K
Kozlov2022-02-28 09:52:47
ubuntu
Kozlov, 2022-02-28 09:52:47

How to add root selfsigned certificate in linux mint?

There is a servers.domain.local server (Windows Server IIS), a selfsigned certificate has been issued to it via powershell

New-SelfSignedCertificate -Subject "servers.domain.local" -TextExtension @("2.5.29.17={text}DNS=servers.domain.local&IPAddress=192.168.1.4&IPAddress=::1")

On machines with Windows spread out by policy, everything works fine. Manually on non-domain computers is also added and everything works.
But, there are cars with linux mint, and even when installing it into the system, the google chrome browser (it is the main one used) does not trust this certificate.
How to issue a certificate for local machines so that everything works on both win and linux?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
K
Kozlov, 2022-02-28
@romandkoz

So, I solved the issue by issuing a new certificate with a CA and alternative server names (needed for chrome)
Create a root certificate

openssl ecparam -out ca.key -name prime256v1 -genkey
openssl req -new -sha256 -key ca.key -out ca.csr
openssl x509 -req -sha256 -days 365 -in ca.csr -signkey ca.key -out ca.crt

Create a server certificate
openssl genrsa -out server.key 4096
openssl req -new -key server.key -out server.csr -config san.cnf
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -extensions req_ext -extfile san.cnf

San.cnf body
[req]
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no

[req_distinguished_name]
C   = RU
ST  = Russia
L   = Moscow
O   = ORG
OU  = ORG
CN  = server.domain.local

[req_ext]
subjectAltName = @alt_names

[alt_names]
IP.1 = 192.168.1.4
DNS.1 = server.domain.local

Convert to pfx
openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt

Next, server.pfx was installed on the IIS server, and ca.crt was spread with policies on Windows cars, and added to the Linux root ones. Everything is working!

Report
A
AlexVWill, 2022-02-28
@AlexVWill

/etc/ssl/certs
/etc/ssl/private
700 to root:root

Similar questions
T
Torento203452021-04-03 14:07:13
Where did the word proxy come from? 4Reply
D
Denis Sechin2018-07-31 15:36:33
Can't delete a folder that I own? 5Reply
D
Dmitry Pavlov2013-12-07 20:26:00
As a web server, how efficient is it to use such hardware? 2Reply
I
Ilya Pavlov2016-03-12 16:03:02
Ubuntu packages not installing? 3Reply
T
TANK_IST2016-03-14 15:00:18
Why are processes being killed in cron? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question