Details
-
Suggestion
-
Resolution: Unresolved
-
None
-
1
-
Description
Problem Definition
Chrome 58 and later releases require subjectAlternativeName (SAN) extension as per https://developers.google.com/web/updates/2017/03/chrome-58-deprecations#remove_support_for_commonname_matching_in_certificates
Please see related links on the changes
- https://www.thesslstore.com/blog/security-changes-in-chrome-58/
- https://communities.ca.com/thread/241776307
Suggested Solution
Update the documentation at https://confluence.atlassian.com/doc/running-confluence-over-ssl-or-https-161203.html to share steps on
- How to generate certificate with subjectAlternativeName extension using Keystore Explorer. We are already suggesting to use Keystore Explorer, but it would be good to have more details on that
- Portecle doesn't seem to support adding subjectAlternativeName on creation
- How to generate certificate with subjectAlternativeName extension via Command line
Why this is important
Chrome will throw an error on certificate generated without subjectAlternativeName extension. Other browsers will soon follow