Bart Schaefer
2015-Apr-20 22:12 UTC
[CentOS] CentOS5 + lighttpd (EPEL) - fix Chrome security warning?
Apologies if I should ask this elsewhere, google search is not helping. I've got a CentOS5 server with lighttpd installed from EPEL, configured for https only (no connections on ports other than 443). I have the latest security updates for openssl, etc. However, when connecting to the server with recent Chrome from Windows or Android, I get the "Your connection is not private" dialog with "NET::ERR_CERT_VALIDITY_TOO_LONG". Is this just a configuration issue (in which case, what do I change?) or do I need to further upgrade one of lighttpd or openssl? Thanks for any feedback.
Frank Cox
2015-Apr-20 22:20 UTC
[CentOS] CentOS5 + lighttpd (EPEL) - fix Chrome security warning?
On Mon, 20 Apr 2015 15:12:36 -0700 Bart Schaefer wrote:> Is this just a configuration issue (in which case, what do I change?)Your certificate is apparently valid for longer than 39 months. Running your error message "NET::ERR_CERT_VALIDITY_TOO_LONG" through google returns pages and pages of information explaining this issue. -- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
John R Pierce
2015-Apr-20 22:22 UTC
[CentOS] CentOS5 + lighttpd (EPEL) - fix Chrome security warning?
On 4/20/2015 3:12 PM, Bart Schaefer wrote:> "NET::ERR_CERT_VALIDITY_TOO_LONG". > > Is this just a configuration issue (in which case, what do I change?) > or do I need to further upgrade one of lighttpd or openssl?says your certificate's valid interval is too long. recent chrome rejects certs that are valid for 40+ months. -- john r pierce, recycling bits in santa cruz
Bart Schaefer
2015-Apr-20 22:22 UTC
[CentOS] CentOS5 + lighttpd (EPEL) - fix Chrome security warning?
Thanks, I just found that one myself. In fact on a different platform the error message from Chrome actually explains it directly rather than just quote the error string. I was too focused on restricting the search to lighttpd and not enough on the error string. On Mon, Apr 20, 2015 at 3:20 PM, Frank Cox <theatre at melvilletheatre.com> wrote:> On Mon, 20 Apr 2015 15:12:36 -0700 > Bart Schaefer wrote: > >> Is this just a configuration issue (in which case, what do I change?) > > Your certificate is apparently valid for longer than 39 months. > > Running your error message "NET::ERR_CERT_VALIDITY_TOO_LONG" through google returns pages and pages of information explaining this issue. > > -- > MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos
Eero Volotinen
2015-Apr-20 22:23 UTC
[CentOS] CentOS5 + lighttpd (EPEL) - fix Chrome security warning?
You need to reissue cert with stronger hash algorithm than sha1 Eero 21.4.2015 1.13 ap. "Bart Schaefer" <barton.schaefer at gmail.com> kirjoitti:> Apologies if I should ask this elsewhere, google search is not helping. > > I've got a CentOS5 server with lighttpd installed from EPEL, > configured for https only (no connections on ports other than 443). I > have the latest security updates for openssl, etc. However, when > connecting to the server with recent Chrome from Windows or Android, I > get the "Your connection is not private" dialog with > "NET::ERR_CERT_VALIDITY_TOO_LONG". > > Is this just a configuration issue (in which case, what do I change?) > or do I need to further upgrade one of lighttpd or openssl? > > Thanks for any feedback. > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >