How to Solve Errors: "Subject Alternative Name Missing", "NET::ERR_CERT_COMMON_NAME_INVALID", or "Your connection is not private" in Google Chrome
Google Chrome Version 58 or higher
TM-T88VI-i / TM-T88VI-iHub
TM-P80 / TM-P60II / TM-P20
UB-E04 / UB-R04
For Chrome 58 and later, only the subjectAlternativeName extension (not commonName) is used to match the domain name against the site certificate. If the certificate does not have the correct subjectAlternativeName extension, the user will receive an error warning that the connection isn’t private.
RFC 2818 describes two methods to match a domain name against a certificate:
Using the available names within the subjectAlternativeName extension; or,
Using the commonName.
Use of commonName was deprecated in RFC 2818 (published 2000), but support remained in most clients. For security reasons, this support has now been removed.
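The difference between the two matching methods, as an added example that is not part of the original article and is not Chrome's own code: it applies SAN-only matching, and optionally the legacy commonName fallback, to dictionaries shaped like the output of Python's ssl.SSLSocket.getpeercert(). The host names, the 192.0.2.10 address and the simplified wildcard rule are assumptions made for illustration.

```python
import ipaddress

def _ip(text):
    """Parse an IP literal, or return None if text is not one."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def _dns_match(pattern, host):
    """Compare a dNSName with host; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":  # simplified rule (assumption): wildcard covers exactly one label
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def _matches(kind, value, host):
    host_ip = _ip(host)
    if host_ip is not None:  # an IP host needs an iPAddress entry, not a dNSName
        return kind == "IP Address" and _ip(value) == host_ip
    return kind == "DNS" and _dns_match(value, host)

def check_name(cert, host, cn_fallback=False):
    """Return (ok, reason) for a dict shaped like ssl.SSLSocket.getpeercert()."""
    sans = cert.get("subjectAltName", ())
    if sans:  # when a SAN is present, commonName is never consulted
        ok = any(_matches(k, v, host) for k, v in sans)
        return ok, ("SAN match" if ok else "SAN present, no entry matches")
    if not cn_fallback:
        return False, "no subjectAlternativeName (Chrome 58+ rejects)"
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    ok = any(_matches("IP Address" if _ip(c) is not None else "DNS", c, host) for c in cns)
    return ok, ("legacy commonName match" if ok else "commonName does not match")

# Constructed sample certificates (hypothetical host name, documentation IP range).
CN_ONLY = {"subject": ((("commonName", "printer.example.com"),),)}
WITH_SAN = {"subject": ((("commonName", "printer.example.com"),),),
            "subjectAltName": (("DNS", "printer.example.com"), ("IP Address", "192.0.2.10"))}

if __name__ == "__main__":
    for label, cert in (("CN only", CN_ONLY), ("CN + SAN", WITH_SAN)):
        for host in ("printer.example.com", "192.0.2.10"):
            print(label, host, check_name(cert, host), check_name(cert, host, cn_fallback=True))
```

A device reached by IP address needs that address in the subjectAlternativeName as an IP entry; a DNS entry alone does not match it.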
Two options exist for Google Chrome users to work around this issue:
Disable the checking of subjectAlternativeName in Chrome.
This is a workaround that will not function beyond version 65 of Google Chrome and should only be used as a temporary fix.
Replace the offending certificate with one that uses the subjectAlternativeName extension.
If implemented correctly, this is a permanent fix that should work for most or all browsers that may implement subjectAlternativeName checking.
How to disable the checking of subjectAlternativeName in Chrome:
By adding the following setting to your environment, Chrome can be forced to allow certificates that are missing the subjectAlternativeName extension:
When this setting is enabled, Google Chrome will use the commonName of a server certificate to match a hostname if the certificate is missing a subjectAlternativeName extension, as long as it successfully validates and chains to a locally-installed CA certificate.
A registry key can be added to Windows by entering the following at the Command Prompt: