Hi Keith,
We encountered the same issue with v58 using DCM generated certs. The way we addressed the issue was by creating the CSR on a Linux machine and then importing the cert to DCM. It's tricky because the only way (AFAIK) is to create a configuration file to base the CSR off of. The typical CLI procedure alone wouldn't do it.
An outline of this process can be found here:
https://geekflare.com/san-ssl-certificate/
While not the most difficult work around, this may be a sign DCM needs an update. Google is just enforcing a nearly 20 year old RFC and there is no way (AFAIK) to add a SAN using DCM alone.
GL,
Dan Lanza
-----Original Message-----
From: Keith McCully [mailto:keithmccully@xxxxxxxxx]
Sent: Monday, May 15, 2017 11:54 AM
To: Web Enabling the IBM i (AS/400 and iSeries) <web400@xxxxxxxxxxxx>
Subject: [WEB400] Privacy Error on loading intranet page in Chrome
Hi,
Our intranet site is running on the IBM i at version 7.1 and I am implementing SSL using DCM.
Using IE browser everything runs fine but when I attempt the same in Chrome I get this privacy error:
NET::ERR_CERT_COMMON_NAME_INVALID
Google chrome help suggests that this issue started at Chrome v58 (earlier this year) as Commom Name (CN) matching no longer applies but instead requires the Subject Alternative Name (SAN) set to the Fully Qualified Domain Name.
I created the Certificate Request in DCM but this doesn't give me an option of including the SAN.
I thought that perhaps our CA admin should generate the SAN on receipt of the Certificate Request but he didn't think that was the case.
Has anyone else encountered this issue and, if so, how was it resolved?
Thanks,
Keith
midrange.com
