Wilrdcard certs?Ac

[prologic]

According to the README wildcard certs are supported.

But I've just tried this and Chrome (at least) gets an error:

NET::ERR_CERT_COMMON_NAME_INVALID
Subject: *.home.arpa
Issuer: minica root ca 44c4c0
Expires on: 2 May 2024
Current date: 2 Apr 2022

Similar errors appear in a Go project that uses minica here:

WARN[0030] error looking up user endpoint                error="error looking up user [email protected]: https://home.arpa/.well-known/salty/salty.json: client.Do fail: Get \"https://home.arpa/.well-known/salty/salty.json\": x509: “*.home.arpa” certificate name does not match input"

What am I missing? I see a PR #45 that adds a -common flag to the cli but I'm not actually sure if this will help?

[michelbieleveld]

Not sure never used this tool was just checking it out, but normally *.home.arpa does not cover home.arpa, you would need to specify both in the request. Again not sure if possible here, but that would likely solve the problem.

[michelbieleveld]

Yes, supported like this

minica --domains '*.foo.com,foo.com'

[prologic]

Yes, supported like this

minica --domains '*.foo.com,foo.com'

You are correct! This was just a bad invocation on my part 😆

[joegyoung]

I tried this ./minica --domains '*.home,home' for https://bitwarden.home/. It didn't match. I get NET::ERR_CERT_COMMON_NAME_INVALID Is there something I should do?

[goshander]

I tried this ./minica --domains '*.home,home' for https://bitwarden.home/. It didn't match. I get NET::ERR_CERT_COMMON_NAME_INVALID Is there something I should do?

Same issue, minica does not support first level wildcard cert, you need use *.bitwarden.home,bitwarden.home as a domain arg

[DeyV]

I see a PR https://github.com/jsha/minica/pull/45 that adds a -common flag to the cli but I'm not actually sure if this will help

Yes - it is exactly reason why this PR wait for merging ...