Hello Let's Encrypt community.
I know how to create OpenSSL certificates for the server and the clients.
I discovered the link below to create these certificates:
--> OpenSSL Certificate Authority — Jamie Nguyen
My way of proceeding is good since it works.
But I have several questions for you.
I created a self-signed root (CA) certificate with OpenSSL and two types of certificates (intermediate, server and client):
--> "General" common to all my sites except localhost.
--> "Localhost" specific only to localhost.
a) Why can I access my site-un web page through the "Localhost" certificate?
Also, can I access my localhost web page through my "General" certificate?
I thought the verification of the site name was done by the certificate before entering the web page.
The site name localhost is present only in the "Localhost" certificate.
Same for site-un which is only present in the "General" certificate.
Am I to understand that the certificate alone is not enough to restrict access to a web page?
b) When I put the "localhost" URL in the address bar, Google Chrome offers me my two client certificates "Localhost" and "General".
I expected to get only the client certificate corresponding to the selected URL.
Why is it offering me my two certificates?
c) The "Localhost" client certificate is unique for the localhost URL. How come I have to select it?
d) If I type any URL in the address bar, Google Chrome does not offer me my client certificates.
There is indeed a check between the URL and the client certificate.
This may be the normal behavior of certificates in browsers like Google Chrome. But I couldn't find any information about it.
I expected the operation of certificates to be transparent to the user, without the user having to intervene.
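Added example, not part of the post above: a small OpenSSL script that reproduces the two behaviours asked about. The hostname in the address bar is checked only against the subjectAltName of the server certificate; a client certificate carries no URL binding, and in a mutual-TLS handshake the browser offers every client certificate whose issuer appears in the CA list the server sends in its CertificateRequest, which is why both "Localhost" and "General" show up. The CA name, file stems and the `email:` SAN are constructed for the demo; it needs OpenSSL 1.1.1 or newer.

```shell
set -e
work=$(mktemp -d)
cd "$work"

# Hypothetical private CA (constructed); stands in for the poster's self-signed root.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
  -keyout ca.key -out ca.pem >/dev/null 2>&1

# issue STEM SAN EKU: CA-signed leaf whose only name lives in subjectAltName
issue() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.csr" >/dev/null 2>&1
  printf 'subjectAltName=%s\nextendedKeyUsage=%s\n' "$2" "$3" > "$1.ext"
  openssl x509 -req -in "$1.csr" -CA ca.pem -CAkey ca.key -CAcreateserial \
    -days 1 -extfile "$1.ext" -out "$1.pem" >/dev/null 2>&1
}
issue localhost-server "DNS:localhost" serverAuth            # the "Localhost" server cert
issue general-server   "DNS:site-un"   serverAuth            # the "General" server cert
issue general-client   "email:user@example.test" clientAuth # a client cert (constructed SAN)

# check_host STEM HOST: exit 0 when STEM.pem chains to the CA AND its SAN matches HOST.
# This is the check a browser applies to the SERVER certificate on every connection.
check_host() {
  openssl verify -CAfile ca.pem -verify_hostname "$2" "$1.pem" >/dev/null 2>&1
}

# issuer_of STEM: the issuer DN, the only thing a browser matches a CLIENT
# certificate on (against the server's acceptable-CA list), never the URL.
issuer_of() {
  openssl x509 -in "$1.pem" -noout -issuer
}

for pair in localhost-server:localhost general-server:localhost \
            general-server:site-un general-client:localhost; do
  stem=${pair%%:*}; host=${pair##*:}
  if check_host "$stem" "$host"; then r=accepted; else r=rejected; fi
  echo "$stem for https://$host/ -> $r"
done
echo "client cert issuer: $(issuer_of general-client)"
```

Only the server certificate whose SAN contains the requested host is accepted; the client certificate is rejected for any host, and both leaf certificates share the same issuer, which is all the server's CA list can distinguish.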