In the latest version of Google chrome (58 but maybe even in 57), Chrome requires certificates to specify the host name(s) in the SubjectAltName field (SAN). Firefox latest update is following the same method. Values in the subject field will be ignored.
Certificates that rely on this deprecated behavior will now be rejected with:
ERR_CERT_COMMON_NAME_INVALID
The affected certificates are often locally generated ones for development purposes, or are part of a private PKI. The solution is to re-generate the certificates to include a Subject Alternative Name extension, or to enable an option in Chrome to allow them.
You must be logged in to post a comment.