Issue 716148 link

Starred by 1 user

Issue metadata

Status:	Duplicate
Merged:	issue 700595
Owner:	----
Closed:	Apr 2017
Cc:	davidben@chromium.org rsleevi@chromium.org
Components:	Internals>Network>Certificate
EstimatedDays:	----
NextAction:	----
OS:	Linux , Android , Windows , Chrome , Mac
Pri:	2
Type:	Bug-Security
allpublic Via-Wizard-Security

Self-signed SSL certificate with no sAN results in NET::ERR_CERT_COMMON_NAME_INVALID

Reported by matt.koe...@gmail.com, Apr 27 2017

Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36

Steps to reproduce the problem:
1. open HTTPS webpage
2. SSL cert error

What is the expected behavior?
in the previous version of chrome the https webpage worked

What went wrong?
The new chrome version doesn't accept my self signed SSL certificate anymore. The certificate is imported to my macOS system and Safari is still able to access the webpage without any trouble.

Did this work before? Yes previous version

Chrome version: 58.0.3029.81  Channel: stable
OS Version: OS X 10.12.4
Flash Version: 

The CN of the certificate is the hostname of the remote machine.

	Bildschirmfoto 2017-04-27 um 22.05.25.png 157 KB View Download

	Bildschirmfoto 2017-04-27 um 22.05.52.png 155 KB View Download

	Bildschirmfoto 2017-04-27 um 22.06.46.png 284 KB View Download

Comment 1 by palmer@chromium.org, Apr 27 2017

Cc: davidben@chromium.org rsleevi@chromium.org
Components: Internals>Network>SSL
Labels: -Restrict-View-SecurityTeam OS-Android OS-Chrome OS-Linux OS-Windows
Status: WontFix (was: Unconfirmed)
Summary: Self-signed SSL certificate with no sAN results in NET::ERR_CERT_COMMON_NAME_INVALID (was: self signed SSL certificate - NET::ERR_CERT_COMMON_NAME_INVALID)

The problem is that Chrome no longer consults the CN; it looks only at subjectAlternativeNames. Wee announced this change in January (https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/4v82AueNjaQ). The thread contains tips for generating certificates with sANs, e.g. https://groups.google.com/a/chromium.org/d/msg/blink-dev/4v82AueNjaQ/TePoFwb5CAAJ.

rsleevi, davidben: Maybe you already have a plan to change the identifier NET::ERR_CERT_COMMON_NAME_INVALID to something like NET::ERR_CERT_SUBJECT_NAME_INVALID, though?

Comment 2 by davidben@chromium.org, Apr 27 2017

Components: -Internals>Network>SSL Internals>Network>Certificate

Comment 3 by rsleevi@chromium.org, Apr 27 2017

Mergedinto: 700595
Status: Duplicate (was: WontFix)

re: Renaming, no, we tend not to rename them (and this was already consistent with treating SANs as this).

Merging into  Issue 700595  for additional details

Project Member

Comment 4 by sheriffbot@chromium.org, Aug 4 2017

Labels: allpublic

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

►

Issue 716148 link

Issue metadata

Self-signed SSL certificate with no sAN results in NET::ERR_CERT_COMMON_NAME_INVALID

Issue description

Comment 1 by palmer@chromium.org, Apr 27 2017

Comment 1 Deleted

Comment 2 by davidben@chromium.org, Apr 27 2017

Comment 2 Deleted

Comment 3 by rsleevi@chromium.org, Apr 27 2017

Comment 3 Deleted

Comment 4 by sheriffbot@chromium.org, Aug 4 2017

Comment 4 Deleted

Sign in to add a comment