Problem

Security Certificate is not accepted by Chrome browser despite being installed and trusted on Web VM.

Solution

The problem is caused by the changes introduced in Chrome browser versions 58+.

New Certificate should be created according to these guidelines:

Chrome 58+ no longer matches the Common Name (CN) in certificates, it uses Subject Alternative Names (SAN) instead.

SAN must contain proper DNS or IP entry.

When DNS is used, it should be a resolvable FQDN name.

When an IP address is used, it should be explicitly specified as such within the SAN chain.

Related articles

Related articles appear here based on the labels you select. Click to edit the macro and add or change labels.

Related issues


Chrome 58+ no longer matches the Common Name (CN) in certs.

Now it uses Subject Alternative Names (SAN) instead.

SAN must contain proper DNS or IP entry.

When DNS is used, it should be a resolvable FQDN name.

When an IP address is used, it should be explicitly specified as such within the SAN chain.