CentOS5 + Lighttpd (EPEL) – Fix Chrome Security Warning?
Apologies if I should ask this elsewhere, google search is not helping.
I’ve got a CentOS5 server with lighttpd installed from EPEL, configured for https only (no connections on ports other than 443). I
have the latest security updates for openssl, etc. However, when connecting to the server with recent Chrome from Windows or Android, I
get the “Your connection is not private” dialog with
“NET::ERR_CERT_VALIDITY_TOO_LONG”.
Is this just a configuration issue (in which case, what do I change?)
or do I need to further upgrade one of lighttpd or openssl?
Thanks for any feedback.
4 thoughts on - CentOS5 + Lighttpd (EPEL) – Fix Chrome Security Warning?
Your certificate is apparently valid for longer than 39 months.
Running your error message “NET::ERR_CERT_VALIDITY_TOO_LONG” through google returns pages and pages of information explaining this issue.
says your certificate’s valid interval is too long. recent chrome rejects certs that are valid for 40+ months.
You need to reissue cert with stronger hash algorithm than sha1
Eero kirjoitti:
21.4.2015 1.13 ap. “Bart Schaefer”
Thanks, I just found that one myself. In fact on a different platform the error message from Chrome actually explains it directly rather than just quote the error string.
I was too focused on restricting the search to lighttpd and not enough on the error string.