Internal certificates and Subject Alternative Names problem still exists?

opnsense_user12123 · December 19, 2017, 07:07:38 AM

Could it be, that this Problem using alternative names still exists ?
I tried this Feature with no luck!
Should be solved - really ?

original posting:
https://forum.opnsense.org/index.php?topic=1160.msg3172#msg3172

franco · December 19, 2017, 07:47:15 AM

If you ask this way I'm inclined to say yes... There was, however, a bug in 17.7.9 that briefly prevented SAN due to an incompatibility with PHP 7.1 that was subsequently fixed.

So... what version are you on, what issue are you seeing? :)

Cheers,
Franco

opnsense_user12123 · December 19, 2017, 10:56:43 AM

The latest version avaible. 17.7.10

opnsense_user12123 · December 19, 2017, 10:59:20 AM

The problem is that alternative names will not be accepted. Of course you can create the certificate without any problem and export it But then , after importing the certificate On the server the web browser does not accept any of the values I had entered before for the alternative names.
Ip, Uri, DNS.its all the same problem. So I can't browse the server with any value.

It's very difficult to describe and my English is not so well but there is a real problem with the alternative names for sure.

opnsense_user12123 · December 22, 2017, 10:02:43 PM

i got the solution on this!

i had to enable "Log SNI information only".

what does this setting exactly do ?
Is it wrong to enable this feature ?
Does it have any disadvantages ?

Internal certificates and Subject Alternative Names problem still exists?

opnsense_user12123

December 19, 2017, 07:07:38 AM

franco

December 19, 2017, 07:47:15 AM #1

opnsense_user12123

December 19, 2017, 10:56:43 AM #2 Last Edit: December 19, 2017, 03:29:54 PM by opnsense_user12123

opnsense_user12123

December 19, 2017, 10:59:20 AM #3 Last Edit: December 19, 2017, 11:26:13 AM by opnsense_user12123

opnsense_user12123

December 22, 2017, 10:02:43 PM #4