[squid-users] Chrome 58+: only the subjectAlternativeName extension, not commonName, is used to match the domain name and site certificate
eliezer at ngtech.co.il
Thu May 18 09:05:38 UTC 2017
Since one of the subjects is SSL and specifically SSL-BUMP I noticed a
change today and found out that:
For Chrome 58 and later, only the subjectAlternativeName extension, not
commonName, is used to match the domain name and site certificate.
If the certificate doesn’t have the correct subjectAlternativeName
extension, users get a NET::ERR_CERT_COMMON_NAME_INVALID error letting them
know that the connection isn’t private.
So if someone will see something weird... it might not even be related
directly to squid!
Linux System Administrator
Email: eliezer at ngtech.co.il
More information about the squid-users