Skip to content

Latest Chrome on Mac doesn't allow forcing through self signed certificate #1637

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
nhooyr opened this issue May 14, 2020 · 5 comments
Closed

Latest Chrome on Mac doesn't allow forcing through self signed certificate #1637

nhooyr opened this issue May 14, 2020 · 5 comments
Labels
enhancement Some improvement that isn't a feature

Comments

@nhooyr
Copy link
Contributor

nhooyr commented May 14, 2020

Latest chrome on Mac, just no option to continue

image

Some research suggests there may be something wrong about our self signed certificate. Something to do with subjectAltName not being set?
@nhooyr nhooyr added the enhancement Some improvement that isn't a feature label May 14, 2020
@nhooyr nhooyr changed the title Chrome doesn't allow forcing through self signed certificate Latest Chrome on Mac doesn't allow forcing through self signed certificate May 14, 2020
@nhooyr
Copy link
Contributor Author

nhooyr commented May 14, 2020

Works in Safari btw, I can force through.

@keiththomps
Copy link

I was running into this a few months ago when running on a CentOS 7 server and trying to connect from Catalina. You need a new enough version of OpenSSL (I used 1.1.1). The following will generate a cert that meets the requirements in case this is useful for anyone else:

/usr/local/ssl/bin/openssl req -newkey rsa:2048 -nodes \
  -x509 -days 365 \
  -out cert.pem \
  -keyout key.pem \
  -config /etc/pki/tls/openssl.cnf \
  -subj "/C=US/ST=Ohio/L=Columbus/O=Business./CN=Server" \
  -addext extendedKeyUsage=serverAuth \
  -addext subjectAltName=DNS:localhost

@nhooyr
Copy link
Contributor Author

nhooyr commented Jun 9, 2020

Awesome!

Let's add this to the FAQ or make code-server automatically generate it correctly.

@nhooyr
Copy link
Contributor Author

nhooyr commented Jun 9, 2020

Related to https://7402.org/blog/2019/new-self-signed-ssl-cert-ios-13.html

@nhooyr
Copy link
Contributor Author

nhooyr commented Dec 2, 2020

I ended up fixing this in #2255

@nhooyr nhooyr closed this as completed Dec 2, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement Some improvement that isn't a feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@keiththomps @nhooyr