Why self-signed ERR_CERT_COMMON_NAME

B

BonBon Slick2021-09-18 23:57:08

Digital certificates

BonBon Slick, 2021-09-18 23:57:08

Why self-signed ERR_CERT_COMMON_NAME_INVALID?

The site is local, test.com is registered in hosts

Generation example
https://support.kaspersky.com/ScanEngine/1.0/en-US...

openssl req -newkey rsa:4096 \
            -x509 \
            -sha256 \
            -days 3650 \
            -nodes \
            -out example.crt \
            -keyout example.key

nginx resolves certs that /etc/ssl/localcerts

on them chmod 777

certs added to the authority of browsers and OS
https://support.kaspersky.com/ScanEngine/1.0/en-US...
https://stackoverflow.com/questions /7580508/gettin...

But it still gives me an error

Your connection is not private
Attackers might be trying to steal your information from test.com (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID
Subject: test.com
Issuer: test.com
Expires on: Sep 16, 2031
Current date: Sep 18, 2021

SSL Client Certificate
SSL Server Certificate
Email Signer Certificate
Email Encryption Certificate
SSL Certification Authority
Status Responder Certificate
Common Name (CN)	test.com
Organization (O)	Internet Widgits Pty Ltd
Organizational Unit (OU)	<Not Part Of Certificate>
Common Name (CN)	test.com
Organization (O)	Internet Widgits Pty Ltd
Organizational Unit (OU)	<Not Part Of Certificate>
Issued On	Saturday, September 18, 2021 at 11:26:08 PM
Expires On	Tuesday, September 16, 2031 at 11:26:08 PM
SHA-256 Fingerprint	BC 8D 18 4B A3 69 DF 62 15 66 D6 D8 DE 9F 97 31
A4 D9 F5 43 1C 60 F9 05 7D 7A D0 AD 78 40 C9 79
SHA-1 Fingerprint	60 7E E2 3F F5

The ssl disable flags will certainly help, but I don’t understand why the cert does not recognize.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

Andrey Barbolin, 2021-09-19
@BonBonSlick

COMMON_NAME_INVALID - says that the domain name in the URL does not match the CN in the certificate.