Zentyal Forum, Linux Small Business Server
Zentyal Server => Other modules => Topic started by: hwahrmann on December 04, 2019, 04:10:40 pm
-
Hi,
i have commented out all lines with "nsComment" in /var/lib/zentyal(conf/openssl.cnf and restarted the ca module.
However all my generated Certificates still contain "Netscape Comment = OpenSSL Generated Certificate"
Seems that Java 11 doesn't like that in Server certificates as it throws a "Netscape cert type does not permit use for SSL server".
as the above mentioned nsComment is the only Netscape related value in the cert, i guess this is the problem.
Any idea, how i could remove that or where it comes from?
thanks,
Helmut
-
:)
Read this: https://doc.zentyal.org/en/appendix-c.html#stubs (https://doc.zentyal.org/en/appendix-c.html#stubs)
The template you have to customize is "/usr/share/zentyal/stubs/ca/v3_ext.mas"
Here you can see the nsComment parameter:
...
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
...
Remember... You don't have to customize this template. You have to create the "/etc/zentyal/stubs/ca" folder, copy into the "/usr/share/zentyal/stubs/ca/v3_ext.mas" template and customize it.
Cheers!
-
You are my hero. That worked perfect.
Might be good to get rid of this standard comment, because Java 11 doesn't like it, if you want to use such a cert for secure connections to a server.