Expedition Articles

Featured Article
Access Expedition GUI Using Google Chrome with Certification Error   Symptoms Can't access Expedition GUI using Google chrome, error message ' NET::ERR_CERT_COMMON_NAME_INVALID'  displayed as below screenshot, and you are not able to proceed to the website.   Please note: It's best practice to not proceed to the site failed on certificate error only when self-signed cert is used in Expedition and you confirmed it's safe to proceed to the site.   View of Chrome Error - NET::ERR_CERT_COMMON_NAME_INVALID Diagnosis For Google Chrome 58 and later, only the subjectAlternativeName extension, not commonName, is used to match the domain name and website certificate. If the certificate doesn’t have the correct subjectAlternativeName extension, users get a NET::ERR_CERT_COMMON_NAME_INVALID error letting them know that the connection isn’t private  and will not provide you an option to proceed to the URL.   Please see the article for more details: https://support.google.com/chrome/a/answer/7391219?hl=en   Solution Perform the below steps to re-install the self-signed certification with subjectAltName in Expedition: SSH to Expedition cd to /tmp Modify req.conf by issue below command: $ sudo vi req.conf copy and past below section in req.conf, modify attributes in the file to match your organization ........................................................................................ [req] distinguished_name = req_distinguished_name x509_extensions = v3_req prompt = no [req_distinguished_name] C = US (   Replace this with your county name) ST = VA  (   Replace this with your state name) L = SomeCity  (   Replace this with your city name) O = MyCompany (   Replace this with your company name) OU = MyDivision (   Replace this with your organization name) CN = 192.168.44.131 (   Replace this IP with your Expedition IP ) [v3_req] keyUsage = keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth subjectAltName = @alt_names [alt_names] DNS.1 = 192.168.44.131 ( Replace this IP with your Expedition IP ) DNS.2 =   company.com  DNS.3 =   company.net ........................................................................................       saves the changes with ESC :wq!   Issue below commands in order: $ sudo openssl genrsa -out server.key 3072 -config req.conf $ sudo openssl req -new -x509 -key server.key -sha256 -out certificate.pem -days 730 -config req.conf $ sudo cp server.key /etc/ssl/certs/ $ sudo cp certificate.pem /etc/ssl/certs/   Modify the default-ssl.conf by issue below command: $ sudo vi /etc/apache2/sites-enabled/default-ssl.conf  Find below two lines in the default-ssl.conf and replace the path  SSLCertificateFile   /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key    with    SSLCertificateFile   /etc/ssl/certs/certificate.pem SSLCertificateKeyFile /etc/ssl/certs/server.key   saves the changes with ESC :wq   Restart Apache by issue below command: $ sudo systemctl restart apache2   Try access the Expedition GUI again Google chrome should now present you an option under "Advanced"   to proceed to the URL. 
View full article
‎05-15-2020 06:23 AM
3,058 Views
2 Replies
2 Likes
COVID-19 Response Center
Ask Questions Get Answers Join the Live Community