cr314 Regular Contributor.

Self-signed certificate for PAM and Chrome

Hello everyone,

I installed a self-signed certificate in PAM. When I use Chrome ver 72, I see the following message when I try to access Framework Manager:

NET::ERR_CERT_COMMON_NAME_INVALID

In this link https://productforums.google.com/forum/#!topic/chrome/ndYP3Ca36Og, they mentioned that "Chrome 58 no longer matches the Common Name (CN) in certs". This applies to the most recent versions.

Could you please tell me how I can generate a CSR to generate a self-signed certificate to use with Chrome?

I tested with Microsoft Edge and Firefox; it's working with those browsers.

Thanks in advance.

Regards.
cpedersen Outstanding Contributor.

Re: Self-signed certificate for PAM and Chrome

On 16.03.19 02:04, Crmx123 wrote:
>
> Hello everyone,
>
> I installed a self-signed certificate in PAM. When I use Chrome
> ver 72, I see the following message when I try to access Framework Manager:
>
>
> NET::ERR_CERT_COMMON_NAME_INVALID
>
> In this link
> https://productforums.google.com/forum/#!topic/chrome/ndYP3Ca36Og, they
> mentioned that "Chrome 58 no longer matches the Common Name (CN) in
> certs". This applies to the most recent versions.
>
> Could you please tell me how I can generate a CSR to generate a
> self-signed certificate to use with Chrome?
>
> I tested with Microsoft Edge and Firefox; it's working with those
> browsers.
>
> Thanks in advance.
>
> Regards.
>
>


Hi,

The easiest (in my world) would be to use openssl to create a
self-signed CA, which you use to sign the CSR from PAM. That would allow
you to import the public CA certificate which would then allow you to
connect to PAM with Chrome.

A good starting point would be:
https://kb.op5.com/pages/viewpage.action?pageId=19073746


Casper
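The approach described in the reply above, as an added example that is not part of the original post: a private CA signs a CSR, and the `subjectAltName` that Chrome checks is added at signing time. The hostname, CA name and file names are assumptions, and the CSR generated in step 2 is a constructed stand-in for the one exported from PAM.

```shell
#!/bin/sh
# Added example; HOST, the CA name and all file names are assumptions.
set -eu
HOST="pam.example.internal"        # hypothetical hostname users type in Chrome
WORK="$(mktemp -d)"; cd "$WORK"

cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Lab CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# 1. Self-signed CA. Only ca.crt is imported into the client trust store;
#    ca.key never leaves the signing machine.
openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 365 \
    -config ca.cnf -keyout ca.key -out ca.crt 2>/dev/null

# 2. Constructed stand-in for the CSR exported from PAM (CN only, no SAN).
#    A CSR carries only the public key; the private key stays where the
#    CSR was generated.
openssl req -new -newkey rsa:2048 -nodes -config ca.cnf -subj "/CN=$HOST" \
    -keyout server.key -out server.csr 2>/dev/null

# 3. Extensions are supplied at signing time: "openssl x509 -req" does not
#    copy them from the CSR by default.
printf 'subjectAltName = DNS:%s\nbasicConstraints = CA:FALSE\nextendedKeyUsage = serverAuth\n' \
    "$HOST" > san.ext

sign_csr() {   # $1 = output certificate, remaining args = extra x509 options
    out="$1"; shift
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -sha256 -days 365 -out "$out" "$@" 2>/dev/null
}
has_san() {    # succeeds only if the cert lists HOST as a DNS subjectAltName
    openssl x509 -in "$1" -noout -text | grep -q "DNS:$HOST"
}

sign_csr cn-only.crt                     # CN only: NET::ERR_CERT_COMMON_NAME_INVALID
sign_csr with-san.crt -extfile san.ext   # carries the SAN Chrome matches against

openssl verify -CAfile ca.crt with-san.crt
has_san with-san.crt && echo "with-san.crt: SAN present"
has_san cn-only.crt  || echo "cn-only.crt: CN only, no SAN"
```
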
achinayoung_wau Respected Contributor.

Re: Self-signed certificate for PAM and Chrome

cpedersen;2497114 wrote:
> On 16.03.19 02:04, Crmx123 wrote:
> The easiest (in my world) would be to use openssl to create a
> self-signed CA, which you use to sign the CSR from PAM. That would allow
> you to import the public CA certificate which would then allow you to
> connect to PAM with Chrome.
>
> A good starting point would be:
> https://kb.op5.com/pages/viewpage.action?pageId=19073746
>
> Casper


The problem with this is the RSA key. Manually generating one with OpenSSL means an RSA key is created. How do you provide this key to PAM along with the CRT?
achinayoung_wau Respected Contributor.

Re: Self-signed certificate for PAM and Chrome

For the "Alternative Names" field, try specifying the alternate names like so:
DNS:<name 1>, DNS: <name 2>, DNS: <name 3>