sahilph / umbrel-HTTPSizer

Secure Umbrel on your local network with HTTPS

Certificate too long #4

Open jjmmbb opened 1 week ago

jjmmbb commented 1 week ago

Even after adding the root CA as a trusted certificate, browsers are not allowing it, reporting an invalid certificate. Searching for a solution, I have found that any browser is rejecting SSL certificates with validity above 397 days. I think fixing this issue will also need an auto-renew script.

https://stackoverflow.com/questions/64597721/neterr-cert-validity-too-long-the-server-certificate-has-a-validity-period-t

sahilph commented 1 week ago

If you add it to your OS's certificate store and restart your browser, this shouldn't be an issue. I have tested it on Windows with Chrome browser.

What is your OS and browser?

jjmmbb commented 1 week ago

> If you add it to your OS's certificate store and restart your browser, this shouldn't be an issue. I have tested it on Windows with Chrome browser.
>
> What is your OS and browser?

I have tested on iOS, Windows and macOS. On all of them, even after importing it as a trusted root CA, the issue persists. Apparently it's a limitation from new browsers.

sahilph commented 1 week ago

Just to confirm, while trusting the root CA, did you follow the steps from the wiki?

jjmmbb commented 1 week ago

> Just to confirm, while trusting the root CA, did you follow the steps from the wiki?

Yes. But I think that is related to devices. Take a look at: https://www.ssls.com/blog/apples-new-ssl-lifetime-limitation-and-what-it-means-for-you/.

sahilph commented 1 week ago

I got hold of a MacBook and tried adding the root CA to the Keychain. After adding it, Chrome accepted it just fine, no errors. For Safari, I had to take a few additional steps the first time; henceforth it gave no issues.

> Yes. But I think that is related to devices. Take a look at: https://www.ssls.com/blog/apples-new-ssl-lifetime-limitation-and-what-it-means-for-you/.

That is for certificates issued by a public CA, not for self-signed certificates.

sahilph commented 1 week ago

I am not able to replicate this. Anyway, these are self-signed certificates and they will not work as regular SSL certificates. Errors will have to be manually bypassed in certain cases.
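
A check of the kind the opening comment asks for, as an added example (not part of the thread or of umbrel-HTTPSizer's code): it parses the output of `openssl x509 -noout -dates`, compares the certificate's validity period with the 397-day figure quoted in that comment, and tells an auto-renew job when to reissue. The sample dates, the 30-day renewal margin and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Limit quoted in the opening comment of this thread; adjust for your clients.
MAX_VALIDITY_DAYS = 397
# Assumed renewal margin for an auto-renew job (hypothetical value).
RENEW_BEFORE_DAYS = 30

# Constructed sample of `openssl x509 -noout -dates` output (a 10-year leaf).
SAMPLE_DATES = """notBefore=Jan  5 10:00:00 2024 GMT
notAfter=Jan  2 10:00:00 2034 GMT
"""

_DATE_RE = re.compile(r"^(notBefore|notAfter)=(.+?)\s*$", re.MULTILINE)


def parse_dates(text):
    """Return (not_before, not_after) as UTC datetimes."""
    found = {}
    for key, value in _DATE_RE.findall(text):
        # OpenSSL pads single-digit days with a space; collapse it first.
        stamp = " ".join(value.split())
        parsed = datetime.strptime(stamp, "%b %d %H:%M:%S %Y GMT")
        found[key] = parsed.replace(tzinfo=timezone.utc)
    if set(found) != {"notBefore", "notAfter"}:
        raise ValueError("expected notBefore= and notAfter= lines")
    return found["notBefore"], found["notAfter"]


def assess(text, now, max_days=MAX_VALIDITY_DAYS, renew_before=RENEW_BEFORE_DAYS):
    """Report validity length and whether the certificate should be reissued."""
    not_before, not_after = parse_dates(text)
    if not_after <= not_before:
        raise ValueError("notAfter is not later than notBefore")
    validity = not_after - not_before
    return {
        # Round a partial day up so a limit is never under-reported.
        "validity_days": -(-validity // timedelta(days=1)),
        "too_long": validity > timedelta(days=max_days),
        "expired": now >= not_after,
        "renew_now": now >= not_after - timedelta(days=renew_before),
    }


if __name__ == "__main__":
    print(assess(SAMPLE_DATES, datetime.now(timezone.utc)))
```

A scheduled job can feed it the dates of the served certificate and reissue when `too_long` or `renew_now` is true.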