1

I am using OpenSSL to create SSL certificates to make my web application runnable with https to overcome issues to access microphone in chrome as it stopped allowing access now days without https.

We only need to make it runnable in our Intranet, its not getting live to world.

I used this link to create OpenSSL SSL certificates and configurations.

My V3.ext file contains is as below:

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = acme-site.dev
DNS.2 = acme-static.dev

Finally its working fine in my local system but not in other systems in our LAN.

enter image description here

I already insert host in that system.

Can anyone help me how to make it runnable in all LAN systems ?

Abhishek Parmar
  • 23
  • 1
  • 6

1 Answers1

0

This is a general problem with self-signed certificates. You need to add your self-signed certificated to the list of trusted certificates on all the systems you want to accept it.

If you will be creating more self-signed certificates, you may want to create your own certification authority (CA) and then add its root (or an intermediate) certificate to your systems. There are instructions on setting up a CA at https://jamielinux.com/docs/openssl-certificate-authority/.

Jon
  • 3,573
  • 2
  • 17
  • 24
  • Jon do you mean its not feasible to access https site in LAN which contains self sign ssl certificate ? If I add certificate to browser than its working fine in LAN computer. Is there any way to automatically import SSL certificated in each client's browser's trusted certificates when they access site ? – Abhishek Parmar Jun 25 '18 at 14:11
  • There are ways to import the SSL certificate into each browser's trusted stores, yes. For Windows machines you could use group policy-type management tools. For Linux, you'll be copying certificates into /etc/pki/tls or the like. Have a look at pages like https://specopssoft.com/support-docs/specops-password-reset/reference-material/installing-the-self-signed-ssl-certificate-into-the-trusted-root-certificate-authorities-store/ or https://stackoverflow.com/questions/22509271/import-self-signed-certificate-in-redhat – Jon Jun 26 '18 at 14:10
  • I am not able to find GPO in my system [Windows 8.1] the way above link contains, however I can see Edit Group Policy but I don't have any options like **Trusted Root Certification Authorities** inside Edit Group Policy > Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies. – Abhishek Parmar Jun 27 '18 at 14:12