Nieuws

As of Chrome 58 release, self-signed certificates without SubjectAltName will no longer be trusted

As of Chrome 58 release  self signed certificates without SubjectAltName will no longer be trusted

In the Chrome 58 release, certificates that do not specify host names in the SubjectAltName field will lead to a "Your connection is not private" error. A similar change was implemented in Firefox 48, but users did not report any problems prior to that. 

Details of the error page are indicating type of error - [missing_subjectAltName]. This was done in order to ease user's understanding of the problem, because the error code NET :: ERR_CERT_COMMON_NAME_INVALID is generic and can be displayed in different context. Warning “Subject Alternative Name Missing” is also present in the Security panel of developer tools.

Chrome 58 allows to temporarily restore the old browser behavior. This could be done by using the EnableCommonNameFallbackForLocalAnchors policy. Doing so allows to avoid the re-generation of certificates. However, this solution is temporary and will be removed in future versions of the browser (no later than Chrome 65). We strongly advise that you re-generate self-signed SSL certificates with the Subject Alternative Name extension enabled.

It is also important to remember that the utility Makecert.exe, supplied with Windows®, is not able to set the SubjectAltName field in the certificates, and therefore you should not use it to generate self-signed certificates. Instead, it's best to refer to the modern SelfSignedCertificate command in PowerShell.

Self-signed SSL certificates provide very weak (almost zero) protection against intruders. We strongly suggest switching to commercial SSL certificates from trusted certification authorities, such as Comodo, Symantec, Thawte, etc. You can always order them in our store at affordable prices.


Bent u klaar om het te proberen?


Ja! Laten we het gratis proberen!

Nog vragen?
Bel ons nu +31 20 7640722