minica icon indicating copy to clipboard operation
minica copied to clipboard

Published 20 hours ago verified publisher icon jsha

Please add Subject alternative name

Open ghost opened this issue 6 years ago • 4 comments
trafficstars

Subject alternative name is needed for ios support. Please mark it also as critical

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
IP.1 = MYSERVERIP

ghost avatar Dec 19 '18 18:12 ghost

This tool already fills in the subjectAlternativeName field. It does noy mark it critical, since that's not required. Can you link me to documentation about the problem you are facing?

On Wed, Dec 19, 2018, 10:49 Haxy89 <[email protected] wrote:

Subject alternative name is needed for ios support. Please mark it also as critical

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/jsha/minica/issues/16, or mute the thread https://github.com/notifications/unsubscribe-auth/AANcLYBISR2HtbIViz3eQfX4I5QigmrRks5u6opBgaJpZM4Za0Ks .

jsha avatar Dec 19 '18 19:12 jsha

Bassicly there is a problem with self signed cert on IOS and other Apple system. I added ca cert to my IOS then I set my server to use cert.pem and key.pem but still cant access from IOS. I read that marked subjectAlternativeName as critical could help because I use server IP as CN.

Command I run to generate files: minica -ip--addresses 192.168.0.19

Also the server that I want to use have this in docs: Due to what is likely a certificate validation bug in Android, you need to make sure that your certificate includes the full chain of trust.

Can you tell me how to generate full chain from files generated by minica?

ghost avatar Dec 19 '18 19:12 ghost

It sounds like your problem needs a little more in-depth debugging than we can do in this GitHub issue thread. Could you post some of the details of your setup at https://community.letsencrypt.org/ and we can discuss further there?

On Wed, Dec 19, 2018, 11:33 Haxy89 <[email protected] wrote:

Bassicly there is a problem with self signed cert on IOS and other Apple system. I added ca cert to my IOS then I set my server to use cert.pem and key.pem but still cant access from IOS. I read that marked subjectAlternativeName as critical could help because I use server IP as CN.

Command I run to generate files: minica -ip--addresses 192.168.0.19

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/jsha/minica/issues/16#issuecomment-448717051, or mute the thread https://github.com/notifications/unsubscribe-auth/AANcLX8cyOnd95ml-ZeOug6BinxHI_wjks5u6pR5gaJpZM4Za0Ks .

jsha avatar Dec 19 '18 19:12 jsha

Ok I created new topic https://community.letsencrypt.org/t/generate-proper-self-signed-certificate-working-on-ios/80551

ghost avatar Dec 19 '18 19:12 ghost