Subj : Re: Chromium and self-signed certificates To : Richard Kettlewell From : bp@www.zefox.net Date : Sun Sep 01 2024 00:23:58 Richard Kettlewell wrote: > writes: >> The reference to "scrambled credentials" implies a syntax error, some >> kind of credential checker would be a useful tool at this point. > > I see nothing about “scrambled credentials” above. If the browser got as > far as displaying the certificate subject then it is certainly > syntactically well-formed, your browser just doesn’t like the contents. > Sorry, that terminology came from the informational window presented by Chromium saying it didn't like the certificate. > You will probably need at least a subjectAltName extension containing > the DNS name of your server. This has been a cabforum.org requirement > for real certificates for a long time and I don’t know of any reason it > wouldn’t apply to self-signed certificates too. The DNS name is displayed in the Common Name, pelorus.zefox.org, which I thought was sufficient. Lawrence D'Oliviero's reply following yours touches on what I suspect is my greatest misunderstanding: I thought a self-signed certificate stood on its own. If I'm reading right (and it's early times still) it looks like I need both server certificate _and_ CA-certificate files. That is something I didn't catch on to until just now. Thanks for writing, bob prohaska --- SoupGate-Win32 v1.05 * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3) .