9097dc5ad8
Add a partially random O= item to the certificate subject in order to make the automatically generated certificates' subjects unique. Firefox has problems when several self-signed certificates with CA:true attribute and identical subjects have been seen (and stored) by the browser. Reference to upstream bugs: https://bugzilla.mozilla.org/show_bug.cgi?id=1147544 https://bugzilla.mozilla.org/show_bug.cgi?id=1056341 https://bugzilla.redhat.com/show_bug.cgi?id=1204670#c34 Certificates created by the OpenSSL one-liner fall into that category. Avoid identical certificate subjects by including a new 'O=' item with CommonName + a random part (8 chars). Example: /CN=LEDE/O=LEDEb986be0b/L=Unknown/ST=Somewhere/C=ZZ That ensures that the browser properly sees the accumulating certificates as separate items and does not spend time trying to form a trust chain from them. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi> |
||
|---|---|---|
| .. | ||
| authsae | ||
| dnsmasq | ||
| dropbear | ||
| ead | ||
| hostapd | ||
| igmpproxy | ||
| ipset-dns | ||
| lldpd | ||
| mdns | ||
| odhcpd | ||
| omcproxy | ||
| openvpn | ||
| openvpn-easy-rsa | ||
| ppp | ||
| relayd | ||
| samba36 | ||
| uhttpd | ||