You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Client (e.g. browser, CLI tool, or script):
OpenDJ 3.5
What you did
Consider legacy soft that expected the server name to match certificate's common name.
What went wrong
That soft issues verification error, since real name of the server resides in SAN Extension.
The Certificate presented by the server example.com could not be trusted. There is a name mismatch between the name of the server (example.com) and the subject DN of the certificate. This could be caused because you are connected to a server pretending to be example.com. Before accepting this certificate, you should examine the server's certificate carefully.
Expected result
If mkcert doesn't allow deprecated usage of common name field in subject, it must specify, that SAN extension is critical, so that legacy soft doesn't try to use it in deprecated way. The error message would be something like 'unsupported certificate purpose'.
The text was updated successfully, but these errors were encountered:
Environment
Operating system (including version):
any
mkcert version (from
mkcert -version):1.4.4
Server (where the certificate is loaded):
any
Client (e.g. browser, CLI tool, or script):
OpenDJ 3.5
What you did
Consider legacy soft that expected the server name to match certificate's common name.
What went wrong
That soft issues verification error, since real name of the server resides in SAN Extension.
The Certificate presented by the server example.com could not be trusted. There is a name mismatch between the name of the server (example.com) and the subject DN of the certificate. This could be caused because you are connected to a server pretending to be example.com. Before accepting this certificate, you should examine the server's certificate carefully.
Expected result
If mkcert doesn't allow deprecated usage of common name field in subject, it must specify, that SAN extension is critical, so that legacy soft doesn't try to use it in deprecated way. The error message would be something like 'unsupported certificate purpose'.
The text was updated successfully, but these errors were encountered: