info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
OpenSSL method for creating certificate outdated for Google Chrome?
16 views
Skip to first unread message
Thomas Barth
Dec 27, 2014, 6:55:12 AM12/27/14
to
Hello,
I had to renew a self signed certificate for Apache2 webserver
(Apache/2.2.16 Debian) and after importing the certificate as CA, Google
Chrome still says, that the Website is using old security settings and
it may be possible that further chrome versions can't read the settings
for sure. I would like to know what I have to change to get rid of this
warning.
I used the official openssl method to create the certificate as
described in https://www.openssl.org/docs/HOWTO/certificates.txt
# generate private rsa key
openssl genrsa -out sub.domain.key 4096
# creating a self-signed test certificate
openssl req -new -x509 -key sub.domain.key -out sub.domain.crt -days 1095
In apache2 default-ssl
SSLEngine on
SSLCertificateFile /etc/ssl/certs/sub.domain.crt
SSLCertificateKeyFile /etc/ssl/certs/sub.domain.key
In another docu I read to add the following lines to get more security
SSLHonorCipherOrder On
SSLCipherSuite
ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
But with these settings I get the same warning.
The webserver is not really public, it s only used by a very small group
of people who all import the self signed certificate. But what could
cause the warning in Google Chrome?
Thomas B.
I had to renew a self signed certificate for Apache2 webserver
(Apache/2.2.16 Debian) and after importing the certificate as CA, Google
Chrome still says, that the Website is using old security settings and
it may be possible that further chrome versions can't read the settings
for sure. I would like to know what I have to change to get rid of this
warning.
I used the official openssl method to create the certificate as
described in https://www.openssl.org/docs/HOWTO/certificates.txt
# generate private rsa key
openssl genrsa -out sub.domain.key 4096
# creating a self-signed test certificate
openssl req -new -x509 -key sub.domain.key -out sub.domain.crt -days 1095
In apache2 default-ssl
SSLEngine on
SSLCertificateFile /etc/ssl/certs/sub.domain.crt
SSLCertificateKeyFile /etc/ssl/certs/sub.domain.key
In another docu I read to add the following lines to get more security
SSLHonorCipherOrder On
SSLCipherSuite
ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
But with these settings I get the same warning.
The webserver is not really public, it s only used by a very small group
of people who all import the self signed certificate. But what could
cause the warning in Google Chrome?
Thomas B.
ammy...@gmail.com
Jan 14, 2019, 11:38:49 AM1/14/19
to
ขึเมื่อ วันเสาร์ที่ 27 ธันวาคม ค.ศ. 2014 18 นาฬิกา 55 นาที 12 วินาที UTC+7, Thomas Barth เขียนว่า:
> Thomas B.9
เมื่อ วันเสาร์ที่ 27 ธันวาคม ค.ศ. 2014 18 นาฬิกา 55 นาที 12 วินาที UTC+7, Thomas Barth เขียนว่า:
เมื่อ วันเสาร์ที่ 27 ธันวาคม ค.ศ. 2014 18 นาฬิกา 55 นาที 12 วินาที UTC+7, Thomas Barth เขียนว่า:
Lorinczy Zsigmond
Jan 24, 2019, 5:26:24 AM1/24/19
to
Woould you mind quoting the complete error message you got from Chrome?
0 new messages