ERR_CERT_COMMON_NAME_INVALID because of Subject Alternative Name missing


If you are seeing an error in Chrome similar to the one below, your private certificate is probably missing the Subject Alternative Name (SAN). Starting from Chrome 58, Chrome validates the DNS name against the SAN in the certificate. Here is the quote that I found:

“Certificates have two ways to express the domain/IP they’re bound to – one which is unstructured and ambiguous (commonName), and one which is well-defined (subjectAltName). In the absence of any subjectAltNames, Chrome currently falls back to comparing the domain against the commonName, if present.
This proposal is to remove that fallback path; in effect, requiring a subjectAltName. Ideally, we would do this for all certificates (publicly trusted and privately trusted), but if there are concerns about compat risk, we can restrict it to publicly trusted certificates.”

[Image: missing_SAN]
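The difference between the commonName fallback and SAN-only matching described in the quote, as an added example (not from the original post or from Chrome's code): it audits certificates given in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`. The function names, the sample certificates, and the simplified wildcard rule are assumptions made for illustration.

```python
# Added example: SAN-only hostname matching vs. the legacy commonName fallback.
# Certificates use the dict shape returned by ssl.SSLSocket.getpeercert().

def _name_match(pattern, host):
    """Match one DNS name. Simplified rule (assumption): '*' is accepted only
    as the entire left-most label and covers exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def san_dns_names(cert):
    return [v for (kind, v) in cert.get("subjectAltName", ()) if kind == "DNS"]

def common_names(cert):
    return [v for rdn in cert.get("subject", ()) for (k, v) in rdn if k == "commonName"]

def matches_san_only(cert, host):
    """Matching without the fallback: only subjectAltName entries count."""
    return any(_name_match(n, host) for n in san_dns_names(cert))

def matches_with_cn_fallback(cert, host):
    """Legacy matching: commonName is consulted only when no SAN is present."""
    if cert.get("subjectAltName"):
        return matches_san_only(cert, host)
    return any(_name_match(n, host) for n in common_names(cert))

def audit(cert, host):
    """Classify a certificate for the given host name."""
    if matches_san_only(cert, host):
        return "ok"
    if matches_with_cn_fallback(cert, host):
        return "cn-only: reissue with subjectAltName"
    return "mismatch"

# Constructed sample certificates (not real).
CN_ONLY = {"subject": ((("commonName", "intranet.example.test"),),)}
WITH_SAN = {
    "subject": ((("commonName", "intranet.example.test"),),),
    "subjectAltName": (("DNS", "intranet.example.test"),
                       ("DNS", "*.dev.example.test")),
}

if __name__ == "__main__":
    for label, cert in (("CN_ONLY", CN_ONLY), ("WITH_SAN", WITH_SAN)):
        print(label, "->", audit(cert, "intranet.example.test"))
```

A certificate classified as `cn-only` is one that older clients accepted but that fails once the fallback is removed; the remedy is to reissue it with the host name in the SAN.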

Reference
https://groups.google.com/a/chromium.org/forum/m/#!topic/security-dev/IGT2fLJrAeo
https://stackoverflow.com/questions/43665243/invalid-self-signed-ssl-cert-subject-alternative-name-missing
