Self-signed certs get ERR_SSL_KEY_USAGE_INCOMPATIBLE

Aug 3, 2019
Hello, And:

I'm using the latest PVE cluster.

Then I created my own Root-CA, Middle-CA and server cert.

After uploading it, Chrome shows "ERR_SSL_KEY_USAGE_INCOMPATIBLE" and "thisisunsafe" doesn't work. But with nginx in front, Chrome accepts the cert.

So as far as I know, Chrome is very picky about the SSL cipher algorithm. What config is the PVE API server using? And how can I change it, or work around it, to make Chrome accept the cert?

Edit:

The cert contains a SAN section.

Edit2:

Firefox accepts my self-signed cert; only Chrome denies it.

Attachment:

1: OpenSSL Req section

Code:
basicConstraints     = critical, CA:false
keyUsage             = critical, nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage     = serverAuth
subjectAltName       = @alternate_names


2: Nginx config

Code:
    server {
        server_name _;
        listen 443 ssl default;

        # If TLSv1.3 is enabled, Chrome shows ERR_SSL_KEY_USAGE_INCOMPATIBLE
        #ssl_prefer_server_ciphers on;
        #ssl_protocols TLSv1.2 TLSv1.3;
        #ssl_ciphers HIGH:!aNULL:!MD5;

        ssl_session_timeout 60m;
        ssl_session_cache shared:SSL:60m;

        ssl_certificate "cert/chain.crt";
        ssl_certificate_key "cert/ssl.key";

        location / {
            proxy_pass https://10.100.10.210:8006;
        }
    }
 
Do you also use the SAN extension? A few years back this was introduced, and I needed to add this extension in order to get it to work with Chrome:

Code:
... -reqexts SAN -extensions SAN -config <(cat openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:$NAME"))
 
Yes, it has a SAN section.
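An added, self-contained check of the two things this thread is chasing: the SAN question from the reply and the key-usage question in the title. This is example code written for this page, not code from the thread or from Proxmox; it uses Go's crypto/x509 instead of the openssl CLI so it runs offline, and every name in it (the "Example Root CA" and "Example Middle CA" subjects, the host pve.example.com) is made up for the example. ERR_SSL_KEY_USAGE_INCOMPATIBLE is Chrome (BoringSSL) refusing a server certificate whose keyUsage does not permit the key exchange the handshake negotiated: TLS 1.3, and the (EC)DHE suites of TLS 1.2, have the server sign the handshake and therefore need digitalSignature, while only the legacy static-RSA exchange of TLS 1.2 needs keyEncipherment. The code issues the Root-CA > Middle-CA > server chain three times, once with the poster's keyUsage plus a SAN, once with keyEncipherment only, and once with a CN but no SAN, then runs path validation with host-name matching and the key-usage check against each leaf. One caveat a practitioner should keep in mind: a req section only proposes extensions, and what the issued certificate actually carries is decided by the CA's signing configuration, so inspect the issued leaf (openssl x509 -in server.crt -noout -text) rather than the request file.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const (
	// keyUsage from the openssl req section in the thread (nonRepudiation is ContentCommitment in Go).
	PosterKeyUsage = x509.KeyUsageDigitalSignature | x509.KeyUsageContentCommitment | x509.KeyUsageKeyEncipherment
	// A leaf that only permits the legacy TLS 1.2 static-RSA key exchange, not a signed (EC)DHE / TLS 1.3 handshake.
	EnciphermentOnly = x509.KeyUsageKeyEncipherment
	caKeyUsage       = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
)

func mustKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// certTemplate builds a CA (CA:TRUE, keyCertSign) or a server leaf with the thread's req extensions:
// CA:false, the given keyUsage, extendedKeyUsage = serverAuth, subjectAltName from dnsNames (nil = no SAN).
func certTemplate(cn string, serial int64, ca bool, ku x509.KeyUsage, dnsNames []string) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn}, // constructed names for the example
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
		BasicConstraintsValid: true, // emits basicConstraints = critical, CA:<ca>
		IsCA:                  ca,
		KeyUsage:              ku,
		DNSNames:              dnsNames,
	}
	if !ca {
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

func mustSign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	c, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return c
}

// BuildChain issues Root-CA -> Middle-CA -> server certificate, like the poster's setup, with the given leaf CN, SAN list and keyUsage.
func BuildChain(cn string, dnsNames []string, leafKU x509.KeyUsage) (root, inter, leaf *x509.Certificate) {
	rootKey, interKey, leafKey := mustKey(), mustKey(), mustKey()
	rootTmpl := certTemplate("Example Root CA", 1, true, caKeyUsage, nil)
	root = mustSign(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey) // self-signed
	inter = mustSign(certTemplate("Example Middle CA", 2, true, caKeyUsage, nil), root, &interKey.PublicKey, rootKey)
	leaf = mustSign(certTemplate(cn, 3, false, leafKU, dnsNames), inter, &leafKey.PublicKey, interKey)
	return
}

// VerifyChain is what every browser does first: build a path to the root and match the host against the SAN list (no CN fallback).
func VerifyChain(leaf, inter, root *x509.Certificate, host string) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(inter)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, DNSName: host})
	return err
}

// KeyUsageCompatible is the extra check behind ERR_SSL_KEY_USAGE_INCOMPATIBLE: a signed key exchange (TLS 1.3, (EC)DHE)
// needs digitalSignature, the TLS 1.2 static-RSA exchange needs keyEncipherment; no keyUsage extension at all passes.
func KeyUsageCompatible(leaf *x509.Certificate, signedKeyExchange bool) bool {
	if leaf.KeyUsage == 0 {
		return true
	}
	if signedKeyExchange {
		return leaf.KeyUsage&x509.KeyUsageDigitalSignature != 0
	}
	return leaf.KeyUsage&x509.KeyUsageKeyEncipherment != 0
}

func main() {
	host := "pve.example.com" // constructed host name for the example
	for _, c := range []struct{ name string; sans []string; ku x509.KeyUsage }{
		{"poster's keyUsage + SAN", []string{host}, PosterKeyUsage},
		{"keyEncipherment only + SAN", []string{host}, EnciphermentOnly},
		{"poster's keyUsage, CN only", nil, PosterKeyUsage},
	} {
		root, inter, leaf := BuildChain(host, c.sans, c.ku)
		fmt.Printf("%-28s chain+SAN ok: %-5v TLS1.3/ECDHE keyUsage ok: %-5v static-RSA keyUsage ok: %v\n", c.name,
			VerifyChain(leaf, inter, root, host) == nil, KeyUsageCompatible(leaf, true), KeyUsageCompatible(leaf, false))
	}
}
```

Run it with go run; the three output lines show that the poster's extension set passes every check, that a keyEncipherment-only leaf passes path validation but fails the signed-key-exchange check (the TLS 1.3 case the nginx comment describes), and that a leaf with a CN but no SAN fails host-name matching before key usage is even considered.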