Summary

A website with a valid certificate returns the error:

NET::ERR_CERT_COMMON_NAME_INVALID or “Your connection is not private”

Issue

Chrome returns the error NET::ERR_CERT_COMMON_NAME_INVALID or “Your connection is not private” when connecting to a site with a valid certificate.

In the developer console, the issue is highlighted as “Subject Alternative Name missing”.

The issue stems from the method used to request the certificates and how Chrome processes them for TLS verification.

Internet Explorer is able to use the commonName to validate a certificate; Chrome, however, does not accept this. Instead, it uses the subjectAlternativeName property to validate certificates.

https://support.google.com/chrome/a/answer/7391219?hl=en

Implementation

Simply regenerate your certificates with the appropriate SAN names in the Certificate Signing Request (CSR).

Usually this would be the fully qualified DNS name and the short name, for example:

configmonkey.co.uk
configmonkey

I recommend using the DigiCert utility, which is an excellent tool for creating and managing certificate requests. It can be found here:

https://www.digicert.com/util/

A guide on how to use the tool can be found here:

https://www.digicert.com/util/csr-creation-microsoft-servers-using-digicert-utility.htm

SSLshopper.com have a very useful tool that lets you check your created CSRs to ensure they are valid. It can be found here:

https://www.sslshopper.com/csr-decoder.html
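
A local version of the same check, as an added example that is not part of the original post: it builds one CSR with only a commonName (the case Chrome rejects) and one with SAN entries, then verifies that the required names appear in subjectAltName. It assumes the `openssl` command-line tool is installed; the function names are hypothetical and the hostnames are the sample names used above.

```shell
#!/bin/sh
# make_csr OUT CN [SANS]: write a CSR; SANS looks like "DNS:a,DNS:b".
# The private key is discarded: this demo only inspects the CSR contents.
make_csr() {
    out=$1 cn=$2 sans=${3:-}
    dir=$(mktemp -d) || return 1
    {
        printf '[req]\ndistinguished_name = dn\nprompt = no\n'
        if [ -n "$sans" ]; then printf 'req_extensions = ext\n'; fi
        printf '[dn]\nCN = %s\n' "$cn"
        if [ -n "$sans" ]; then printf '[ext]\nsubjectAltName = %s\n' "$sans"; fi
    } > "$dir/req.cnf"
    openssl req -new -newkey rsa:2048 -nodes -keyout "$dir/key.pem" \
        -out "$out" -config "$dir/req.cnf" 2>/dev/null
    rc=$?; rm -rf "$dir"; return $rc
}

# csr_sans FILE: print each DNS name in the CSR's subjectAltName, one per line.
csr_sans() {
    openssl req -in "$1" -noout -text 2>/dev/null | awk '
        /Subject Alternative Name/ {
            getline; gsub(/ /, "")
            n = split($0, part, ",")
            for (i = 1; i <= n; i++)
                if (part[i] ~ /^DNS:/) print substr(part[i], 5)
        }'
}

# check_csr FILE NAME...: succeed only if every NAME is listed as a DNS SAN.
# Exact, case-insensitive match; wildcard entries are not expanded.
check_csr() {
    csr=$1; shift
    found=$(csr_sans "$csr")
    missing=0
    for name in "$@"; do
        if ! printf '%s\n' "$found" | grep -Fxqi -- "$name"; then
            echo "$csr: no SAN entry for $name" >&2
            missing=1
        fi
    done
    return $missing
}

# Constructed demo: a CN-only request (the failing case) beside one with SANs.
tmp=$(mktemp -d)
make_csr "$tmp/cn_only.csr" configmonkey.co.uk
make_csr "$tmp/with_san.csr" configmonkey.co.uk "DNS:configmonkey.co.uk,DNS:configmonkey"
for f in "$tmp"/*.csr; do check_csr "$f" configmonkey.co.uk configmonkey && echo "$f: ok"; done
rm -rf "$tmp"
```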
