[Google Chrome] NET::ERR_CERT_COMMON_NAME_INVALID or "Your connection is not private" when connecting to a site with a valid certificate

Summary

A website with a valid certificate returns the error:

NET::ERR_CERT_COMMON_NAME_INVALID or “Your connection is not private”

Issue

Chrome returns the error NET::ERR_CERT_COMMON_NAME_INVALID or “Your connection is not private” when connecting to a site with a valid certificate.

In the developer console, the issue is highlighted as “Subject Alternative Name missing”.

The issue stems from the method used to request the certificates and how Chrome processes them for TLS verification.

Internet Explorer is able to use the commonName to validate a certificate; Chrome, however, does not accept this. Instead, it uses the subjectAlternativeName property to validate certificates.

https://support.google.com/chrome/a/answer/7391219?hl=en

Implementation

Simply regenerate your certificates with the appropriate Subject Alternative Names (SANs) in the Certificate Signing Request (CSR).

Usually these would be the fully qualified DNS name and the short name, e.g.:

configmonkey.co.uk
configmonkey

I recommend using the DigiCert utility, an excellent tool for creating and managing certificate requests. It can be found here:

https://www.digicert.com/util/

A guide on how to use the tool can be found here:

https://www.digicert.com/util/csr-creation-microsoft-servers-using-digicert-utility.htm

SSLshopper.com has a very useful tool for checking your created CSRs to ensure they are valid. It can be found here:

https://www.sslshopper.com/csr-decoder.html
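
As an added example that is not part of the original post, the following script builds a CSR with SAN entries using the openssl command-line tool and checks that a given host name appears among them before the request is submitted. It assumes OpenSSL is installed; the function names make_csr and csr_has_san are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Needs the openssl command-line tool.

# make_csr <prefix> <common-name> [dns-name ...]
# Writes <prefix>.cnf, <prefix>.key and <prefix>.csr. Each dns-name becomes a
# SAN entry; with none given the CSR carries only a commonName.
make_csr() {
    prefix=$1; cn=$2; shift 2
    san=""
    for name in "$@"; do san="${san:+$san,}DNS:$name"; done
    {
        printf '[req]\nprompt = no\ndistinguished_name = dn\n'
        if [ -n "$san" ]; then printf 'req_extensions = ext\n'; fi
        printf '[dn]\nCN = %s\n' "$cn"
        if [ -n "$san" ]; then printf '[ext]\nsubjectAltName = %s\n' "$san"; fi
    } > "$prefix.cnf"
    openssl req -new -newkey rsa:2048 -nodes -config "$prefix.cnf" \
        -keyout "$prefix.key" -out "$prefix.csr" 2>/dev/null
}

# csr_has_san <csr-file> <hostname>
# Succeeds only if the CSR requests a SAN extension containing DNS:<hostname>.
csr_has_san() {
    openssl req -in "$1" -noout -text |
        awk '/X509v3 Subject Alternative Name/ { getline; print }' |
        tr -d ' ' | tr ',' '\n' | grep -qixF "DNS:$2"
}

# Demo in a throwaway directory, using the names from this page.
demo() {
    dir=$(mktemp -d) || return 1
    make_csr "$dir/with-san" configmonkey.co.uk configmonkey.co.uk configmonkey
    make_csr "$dir/cn-only" configmonkey.co.uk
    for f in with-san cn-only; do
        if csr_has_san "$dir/$f.csr" configmonkey.co.uk; then
            echo "$f: SAN covers configmonkey.co.uk"
        else
            echo "$f: no SAN entry for configmonkey.co.uk, regenerate the CSR"
        fi
    done
    rm -rf "$dir"
}
demo
```

The fully qualified name is listed as a SAN entry as well as the commonName, because Chrome matches the host name against the SAN list only.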
