Apologies if I should ask this elsewhere, google search is not helping.
I've got a CentOS5 server with lighttpd installed from EPEL, configured for https only (no connections on ports other than 443). I have the latest security updates for openssl, etc. However, when connecting to the server with recent Chrome from Windows or Android, I get the "Your connection is not private" dialog with "NET::ERR_CERT_VALIDITY_TOO_LONG".
Is this just a configuration issue (in which case, what do I change?) or do I need to further upgrade one of lighttpd or openssl?
Thanks for any feedback.
On Mon, 20 Apr 2015 15:12:36 -0700 Bart Schaefer wrote:
Is this just a configuration issue (in which case, what do I change?)
Your certificate is apparently valid for longer than 39 months.
Running your error message "NET::ERR_CERT_VALIDITY_TOO_LONG" through google returns pages and pages of information explaining this issue.
Thanks, I just found that one myself. In fact on a different platform the error message from Chrome actually explains it directly rather than just quote the error string.
I was too focused on restricting the search to lighttpd and not enough on the error string.
On Mon, Apr 20, 2015 at 3:20 PM, Frank Cox theatre@melvilletheatre.com wrote:
On Mon, 20 Apr 2015 15:12:36 -0700 Bart Schaefer wrote:
Is this just a configuration issue (in which case, what do I change?)
Your certificate is apparently valid for longer than 39 months.
Running your error message "NET::ERR_CERT_VALIDITY_TOO_LONG" through google returns pages and pages of information explaining this issue.
-- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On 4/20/2015 3:12 PM, Bart Schaefer wrote:
"NET::ERR_CERT_VALIDITY_TOO_LONG".
Is this just a configuration issue (in which case, what do I change?) or do I need to further upgrade one of lighttpd or openssl?
says your certificate's valid interval is too long. recent chrome rejects certs that are valid for 40+ months.
You need to reissue cert with stronger hash algorithm than sha1
Eero 21.4.2015 1.13 ap. "Bart Schaefer" barton.schaefer@gmail.com kirjoitti:
Apologies if I should ask this elsewhere, google search is not helping.
I've got a CentOS5 server with lighttpd installed from EPEL, configured for https only (no connections on ports other than 443). I have the latest security updates for openssl, etc. However, when connecting to the server with recent Chrome from Windows or Android, I get the "Your connection is not private" dialog with "NET::ERR_CERT_VALIDITY_TOO_LONG".
Is this just a configuration issue (in which case, what do I change?) or do I need to further upgrade one of lighttpd or openssl?
Thanks for any feedback. _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos