Jump to content


Photo

OpenSSL Cert with SAN for Chrome

openssl certificates key

  • Please log in to reply
No replies to this topic

#1 mwil2006

mwil2006

    Newbie

  • Member
  • Pip
  • 1 posts
  • Main OS: Other

Posted 29 August 2017 - 05:48 AM

Hi,

 

I have Uniform running on a Windows 10 platform and all is working except when I use Chrome.

 

Using IE or Edge to browsing to my local server using a DNS name "https://mysite.co.uk" (example) works fine.

Chrome however posts the following response:

Your connection is not private

Attackers might be trying to steal your information from mysite.co.uk (for example, passwords, messages, or credit cards). Learn more

NET::ERR_CERT_COMMON_NAME_INVALID

 

I have learnt that since Chrome 58 the browser is not using the Common Name part of the certificate, it uses the Subject Alternate Names (SAN) to verify the address.

 

https://bugs.chromiu...etail?id=700595  -  Chrome no longer accepts certificates that fallback to common name(ERR_CERT_COMMON_NAME_INVALID)
Chromium removed support for matching common name in certificates in M58:
* Issue 308330
* https://www.chromest...981025180483584

 

QUESTION

 

Is there a simple way of reconfiguring the openssl files supplied so that a SAN is added to the certificate when I use the GUI: "Apache->Apache SSL->Server Certificate and Key Generation"?  Alternatively can you advise how using the command line/config files I can achieve the same outcome of a SAN?

 

Many thanks :-)






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users