[squid-users] Chrome 58+: only the subjectAlternativeName extension, not commonName, is used to match the domain name and site certificate

Eliezer Croitoru eliezer at ngtech.co.il
Thu May 18 09:05:38 UTC 2017


Hey List,

Since one of the subjects is SSL, and specifically SSL-BUMP, I noticed a
change today and found out that:
For Chrome 58 and later, only the subjectAlternativeName extension, not
commonName, is used to match the domain name and site certificate.
If the certificate doesn’t have the correct subjectAlternativeName
extension, users get a NET::ERR_CERT_COMMON_NAME_INVALID error letting them
know that the connection isn’t private.

Google source:
https://support.google.com/chrome/a/answer/7391219?hl=en

So if someone sees something weird... it might not even be related
directly to squid!

Regards,
Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il
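
The matching change described in this message, as an added example that is not part of the original post or of Squid: it compares SAN-only hostname matching with the older commonName fallback, so a certificate that only passes through its CN can be flagged. Certificates are dicts in the layout Python's `ssl.SSLSocket.getpeercert()` returns; the sample certificates and host names are constructed, and the wildcard rule is a simplification (dNSName entries only, no IP SANs).

```python
# Added example: hostname matching with and without the commonName fallback.

def _name_match(pattern, host):
    """Match one DNS name; '*' is accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Simplification: require at least two labels after the wildcard.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def san_dns_names(cert):
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def common_names(cert):
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def matches_san_only(cert, host):
    """Behaviour described for Chrome 58+: only subjectAltName is consulted."""
    return any(_name_match(n, host) for n in san_dns_names(cert))

def matches_legacy(cert, host):
    """Older behaviour: use commonName when the cert has no SAN DNS names."""
    names = san_dns_names(cert) or common_names(cert)
    return any(_name_match(n, host) for n in names)

def audit(cert, host):
    if matches_san_only(cert, host):
        return "ok"
    if matches_legacy(cert, host):
        # This is the case that shows NET::ERR_CERT_COMMON_NAME_INVALID.
        return "cn-only"
    return "mismatch"

# Constructed sample certificates (getpeercert() layout).
CN_ONLY = {"subject": ((("commonName", "proxy.example.test"),),)}
WITH_SAN = {
    "subject": ((("commonName", "proxy.example.test"),),),
    "subjectAltName": (("DNS", "proxy.example.test"),
                       ("DNS", "*.example.test")),
}

if __name__ == "__main__":
    for cert, host in [(CN_ONLY, "proxy.example.test"),
                       (WITH_SAN, "www.example.test")]:
        print(host, audit(cert, host))
```
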





