Web lists-archives.com

Re: Help, I broke sso.debian.org for chrome




On Tue, Sep 05, 2017 at 12:16:47PM +0200, Christoph Berg wrote:

> My guess is that the new-style certificates are missing some
> attributes:
> 
> Old certificate from 2015:
> 
>         X509v3 extensions:
>             X509v3 Basic Constraints: critical
>                 CA:FALSE
>             X509v3 Key Usage: critical
>                 Digital Signature, Key Encipherment, Key Agreement
>             X509v3 Extended Key Usage: 
>                 TLS Web Client Authentication
> 
> New certificate from this week:
> 
>         X509v3 extensions:
>             X509v3 Subject Alternative Name: 
>                 email:myon@xxxxxxxxxx
>             X509v3 Basic Constraints: critical
>                 CA:FALSE
> 
> I'll see if I can add that.

I should have managed to do it, but chrome still doesn't seem to like
it. Can you generate a new certificate and see if you still find
differences?


Enrico

-- 
GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini <enrico@xxxxxxxxxxxxxx>

Attachment: signature.asc
Description: PGP signature