Streisand: HTTPS connection to VPN server is "Not Secure" in Chrome

Created on 23 Apr 2017  路  6Comments  路  Source: StreisandEffect/streisand

Sorry if this is really dumb question, but after adding the certificate provided after installation & marking it as "Always trust" for SSL, the connection to VPN server by HTTPS is reported as not being secure in Chrome.

Is this considered OK, or am missing something?

image

aretls kinbug kinclient kinquestion

Most helpful comment

for those who land here and want to (temporarily) resolve this, see below link:

https://www.chromium.org/administrators/policy-list-3#EnableCommonNameFallbackForLocalAnchors

All 6 comments

do you access it by IP ? chrome does not like SSL over IP

Have to agree that after the pain to manually add the cert, that error isn't very user friendly.
As the error says, this is due to missing subject alternative name in the cert.
Maybe that feature could be added to Streisand cert generation.
See here some references on how that could be done:

I've captured the need for an IP type SAN for the self-signed gateway certificate here: https://github.com/jlund/streisand/issues/641

I have larger plans to rework the certificate generation that I hope to get to in the next few weeks that will address #641 and some other related problems.

I'm going to close this issue in the meantime since it isn't actionable and the root cause of the error has been explained. Thanks for reporting! Please follow #641 for updates.

for those who land here and want to (temporarily) resolve this, see below link:

https://www.chromium.org/administrators/policy-list-3#EnableCommonNameFallbackForLocalAnchors

Thank you for the document pointer; it explains Chrome鈥檚 policy well.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

M-Razavi picture M-Razavi  路  5Comments

wicknet picture wicknet  路  5Comments

markwyner picture markwyner  路  3Comments

hamidzr picture hamidzr  路  3Comments

Vonkenator picture Vonkenator  路  5Comments