Michael Leone on 26 Jun 2019 06:41:12 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Fwd: Confused - certificate is valid in IE/Edge but not in Chrome?

For Chrome 58 and later, only the subjectAlternativeName extension,
not commonName, is used to match the domain name and site certificate.
The certificate subject alternative name can be a domain name or IP
address. If the certificate doesn’t have the correct
subjectAlternativeName extension, users get a
NET::ERR_CERT_COMMON_NAME_INVALID error letting them know that the
connection isn’t private. If the certificate is missing a
subjectAlternativeName extension, users see a warning in the Security
panel in Chrome DevTools that lets them know the subject alternative
name is missing.

So I have to fix my openssl config, so that it adds those SANs
(sugbjectAlternateNames). Problem is, all the examples I find for "alt
names" seem to hardcode a name in the config file. Can that be right?

Shouldn't the SAN be the same as the common name of the cert? What am
I not getting, about this? Example:

DNS.1 = server1.example.com
DNS.2 = mail.example.com
DNS.3 = www.example.com
DNS.4 = www.sub.example.com
DNS.5 = mx.example.com
DNS.6 = support.example.com

That's all fine, if you're issuing a cert for "example.com". :-) So
how do you tell it to use the common name, as at least one of the

Thanks. Sorry for the confusion.
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug