Apache HTTP Server
strelkovandreyv, 2019-08-31 16:52:25

What is the correct way to create a certificate for Apache in Microsoft Certification Authority?

Good afternoon, please advise.
There is a Microsoft Certification Authority on the intranet, with the help of which I issue certificates.
Recently I needed to issue a certificate for a web site running on Apache on the same network.
I did it according to this manual. Everything was successful, except that this site works successfully and without complaining about an invalid certificate only in Internet Explorer.
Google Chrome, on opening it, complains with err_cert_common_name_invalid (as common_name I specified the domain name of the site from DNS, for example mysupersite.mm).
What could be the problem? While googling, I came to the conclusion that the problem is in a certain SAN, but that is not certain.


1 answer(s)
Pavel Mezhuev, 2019-09-01
@strelkovandreyv

> Trying to google, I came up with the fact that the problem is in a certain SAN, but not a fact

The problem is not in the SAN (subjectAltName), but in its absence. From RFC 2818:

> If a subjectAltName extension of type dNSName is present, that MUST
> be used as the identity. Otherwise, the (most specific) Common Name
> field in the Subject field of the certificate MUST be used. Although
> the use of the Common Name is existing practice, it is deprecated and
> Certification Authorities are encouraged to use the dNSName instead.

To solve the problem, you need to prepare a new request by adding subjectAltName to it. This can be done using the openssl.cnf file; an example is below.

openssl.cnf:

```ini
[req]
distinguished_name = req_distinguished_name
prompt = no
# Add the extensions from [ v3_req ] to the request
req_extensions = v3_req

[req_distinguished_name]
C = RU
ST = State or Province Name
L = Locality Name
O = Organization Name
OU = Organizational Unit Name
emailAddress = [email protected]
CN = Common Name

[ v3_req ]
subjectAltName = @alt_names

# Every host name the site is reached by gets its own DNS.n entry
[alt_names]
DNS.1 = example.com
DNS.2 = www.example.com
```

```sh
# Generate the private key, then the request using the config above
openssl genrsa -out cert.key 4096
openssl req -new -out cert.csr -key cert.key -config openssl.cnf
```

Then everything is as usual.
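Before the request goes to the CA, the subjectAltName entries can be read back from the CSR to confirm that the host name is really there. This is an added example, not part of the original answer: the helper names `san_dns_names`, `covers_host` and `make_demo_csr` are hypothetical, and the demo CSRs are constructed from the question's host name `mysupersite.mm` with a 2048-bit key to keep the run short.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, demo input is constructed.

# san_dns_names <req|x509> <pem-file>: print each SAN dNSName, one per line.
san_dns_names() {
    openssl "$1" -in "$2" -noout -text 2>/dev/null |
        awk '/X509v3 Subject Alternative Name/ { getline; print }' |
        tr -d ' ' | tr ',' '\n' | sed -n 's/^DNS://p'
}

# covers_host <req|x509> <pem-file> <hostname>: succeed only on an exact,
# case-insensitive dNSName match (wildcard entries are not expanded).
covers_host() {
    san_dns_names "$1" "$2" | grep -Fxiq -- "$3"
}

# make_demo_csr <dir> <hostname> <yes|no>: constructed input. Builds a key and
# CSR with the answer's commands, with or without the subjectAltName section.
make_demo_csr() {
    {
        printf '[req]\ndistinguished_name = dn\nprompt = no\n'
        if [ "$3" = yes ]; then printf 'req_extensions = v3_req\n'; fi
        printf '[dn]\nCN = %s\n' "$2"
        if [ "$3" = yes ]; then
            printf '[v3_req]\nsubjectAltName = @alt_names\n'
            printf '[alt_names]\nDNS.1 = %s\nDNS.2 = www.%s\n' "$2" "$2"
        fi
    } > "$1/openssl.cnf"
    openssl genrsa -out "$1/cert.key" 2048 2>/dev/null  # 2048 bits keeps the demo fast
    openssl req -new -out "$1/cert.csr" -key "$1/cert.key" -config "$1/openssl.cnf"
}

tmp=$(mktemp -d)
for san in no yes; do
    make_demo_csr "$tmp" mysupersite.mm "$san"
    if covers_host req "$tmp/cert.csr" mysupersite.mm; then
        echo "SAN section=$san: CSR lists mysupersite.mm as dNSName, ready to submit"
    else
        echo "SAN section=$san: no matching dNSName, expect err_cert_common_name_invalid"
    fi
done
rm -rf "$tmp"
```

Once the CA returns the certificate in PEM form, `covers_host x509 <issued-cert.pem> <hostname>` runs the same check against it, which matters because the browser validates the issued certificate rather than the request.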
