New issue
Advanced search Search tips

Issue 898765 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Dec 12
Cc:
viswa.karala@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug



Sign in to add a comment

mosquitto with SSL/TLS enables not working in Google Chrome

Reported by navanath...@gmail.com, Oct 25 
UserAgent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36

Steps to reproduce the problem:
1. configure mosquitto with tls & websocket enables
2. using Paho client create simple application to receive message from mosquitto broker
3. In chrhome i'm getting this error VM19:482 WebSocket connection to 'wss://mdcc:9883/mqtt' failed: Error in connection establishment: net::ERR_CERT_COMMON_NAME_INVALID

What is the expected behavior?
1.In Internet explorer it is working fine
2.It should receive the data for the topic it subscribed

What went wrong?
2. using Paho client create simple application to receive message from mosquitto broker
3. In chrhome i'm getting this error VM19:482 WebSocket connection to 'wss://mdcc:9883/mqtt' failed: Error in connection establishment: net::ERR_CERT_COMMON_NAME_INVALID

Did this work before? No 

Chrome version: 70.0.3538.67  Channel: n/a
OS Version: 6.3
Flash Version: 

Please resolve this issue as soon as possible
Untitled.png
33.1 KB View Download

Comment 1 by eroman@chromium.org, Oct 25

Components: Internals>Network>Certificate
Generally that means the certificate lacks a subjectAltName.

Comment 2 by pmarko@chromium.org, Nov 5

Components: -Enterprise
Removing label Enterprise as this does not seem to be related to enterprise management / policies.

As eroman@ has stated, chrome requires the server certificate to contain a Subject Alternative Name that can be matched against the domain name or IP address. 
Please see https://support.google.com/chrome/a/answer/7391219?hl=en for more details.

There used to be an enterprise policy called EnableCommonNameFallbackForLocalAnchors until Chrome 65 to allow the (deprecated) matching agains Subject CommonName, but it's been removed in Chrome 66: https://support.google.com/chrome/a/answer/7643500?hl=en .

Comment 3 by viswa.karala@chromium.org, Nov 9

Cc: viswa.karala@chromium.org
Labels: Needs-Feedback Triaged-ET
Thanks for filing the issue!

@Reporter: If possible could you please provide sample Test file/URL that reproduces the issue which help in further triaging it in better way.

Thanks!

Comment 4 by nhar...@chromium.org, Nov 20 

navanathdivate: Were you able to check whether the certificate contained a subjectAltName as mentioned in comments 1 and 2?

Comment 5 by zhongyi@chromium.org, Dec 3 

navanathdivate: a friendly ping, please reply to Comment 4. Thanks!

Comment 6 by svaldez@chromium.org, Dec 12

Status: WontFix (was: Unconfirmed)
Closing this bug for now, feel free to re-open if you can provide the information requested.

Sign in to add a comment