If you just want a self-signed SAN certificate with no backing CA, then read my article here instead, but note that it has limitations that are overcome by using a trusted CA. And Firefox allows you to add a permanent exception, but needs a trusted CA in order to show a fully green trust lock icon. The Windows version of Chrome is the only flavor that allows self-signed certs to be imported as a trusted root authority, all other OS do not trust the self-signed certificate.
If you manage a larger sized internal environment where hosts, services, and containers are in constant flux, this is an operational win.ĬA trust also had advantages to self-signed certs because browsers like Chrome 58 and Firefox 48 have limitations on trusting self-signed certificates.
Openssl subject alternative name install#
Operationally, having your own trusted CA is advantageous over a self-signed certificate because once you install the CA certificate on a set of corporate/development machines, all the server certificates you issue from that CA will be trusted. This article will guide you through creating a trusted CA (Certificate Authority), and then using that to sign a server certificate that supports SAN ( Subject Alternative Name).
There are numerous articles I’ve written where a certificate is a prerequisite for deploying a piece of infrastructure.
0 kommentar(er)
