Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-3804

httpsserver.an (altname) is ipaddress 127.0.0.1 by default, and no dnsName matching CN

    Details

    • Issue discovered during:
      Community

      Description

      During installation tomcat server certificate is created with CN=localhost (or hostname you specify) and ipAddress=127.0.0.1 (always). This is not proper.

      Should be:
      CN=hostname
      dnsName=hostname

      These fields must match, and ipAddress should not be used for server certificates.

      Borwsers like Chrome will start rejecting server certificates like this.

        Attachments

          Activity

            People

            Assignee:
            tomas Tomas Gustavsson
            Reporter:
            tomas Tomas Gustavsson
            Verified by:
            Johan Eklund
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: