-
Notifications
You must be signed in to change notification settings - Fork 4.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix browser prompting ERR_CERT_INVALID for direct HTTPS access #4860
Conversation
Signed-off-by: Jeffrey Chu <peihuachu1112@gmail.com>
Signed-off-by: Jeffrey Chu <peihuachu1112@gmail.com>
Welcome @oneoneonepig! |
Fixes #2947 |
Signed-off-by: Jeffrey Chu <peihuachu1112@gmail.com>
/lgtm |
Signed-off-by: Jeffrey Chu <peihuachu1112@gmail.com>
Codecov Report
@@ Coverage Diff @@
## master #4860 +/- ##
=========================================
+ Coverage 45.39% 45.4% +<.01%
=========================================
Files 214 214
Lines 9978 9983 +5
Branches 94 94
=========================================
+ Hits 4530 4533 +3
- Misses 5184 5185 +1
- Partials 264 265 +1
Continue to review full report at Codecov.
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: floreks, oneoneonepig, shu-mutou The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
The
notBefore
andnotAfter
x509 field is missing when creating the certificate, causing the certificate to have no valid date information. The notBefore and notAfter decodes to "00010101000000Z", which seems like a "GeneralizedTime" according to RFC5280 and decodes to something like 0001/1/1, eventually causing the browser to prompt certificate error.If the self-signed certificate is invalid because of the duration, subject name, insecure algorithm or EKU, user should be able to skip the certificate invalid prompt since most of the self-signed certificate are for developing.
Also I've modified the deployment YAMLs so that the self-signed certificates can show proper subject name instead of leaving it empty.