[squid-users] Chrome 58+: only the subjectAlternativeName extension, not commonName, is used to match the domain name and site certificate
Eliezer Croitoru
eliezer at ngtech.co.il
Thu May 18 09:05:38 UTC 2017
Hey List,
Since one of the subjects is SSL and specifically SSL-BUMP I noticed a
change today and found out that:
For Chrome 58 and later, only the subjectAlternativeName extension, not
commonName, is used to match the domain name and site certificate.
If the certificate doesn’t have the correct subjectAlternativeName
extension, users get a NET::ERR_CERT_COMMON_NAME_INVALID error letting them
know that the connection isn’t private.
Google source:
https://support.google.com/chrome/a/answer/7391219?hl=en
So if someone will see something weird... it might not even be related
directly to squid!
Regards,
Eliezer
----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il
More information about the squid-users
mailing list